Red Hat would like to thank Mike O'Connor for bringing this issue to our attention. Red Hat would like to thank the rsync team for their rapid response and quick fix for this issue. Red Hat would like to thank Ulf Härnhammar for discovering and alerting us to this issue. Red Hat would like to thank Paul Starzetz from ISEC for disclosing this issue as well as Andrea Arcangeli and Solar Designer for working on the patch. Red Hat would like to thank Steffan Esser for finding and reporting these issues and Jacques A. Vidrine for providing initial patches. Red Hat would like to thank Steffan Esser for finding and reporting this issue and Jacques A. Vidrine for providing the initial patch. Red Hat would like to thank Steffan Esser for finding and reporting this issue and Jacques A. Vidrine for providing the initial patch. Red Hat would like to thank Paul Starzetz from ISEC for reporting this issue. Red Hat would like to thank Niels Heinen for reporting this issue. Red Hat would like to thank the Samba team for reporting this issue and providing us with a patch. Red Hat would like to thank David Dawes from XFree86 and iDefense for reporting and working on this issue. Red Hat would like to thank David Dawes from XFree86 and iDefense for reporting and working on this issue. Red Hat would like to thank Craig Southeren of the OpenH323 project for providing the fixes for these issues. Red Hat would like to thank David Dawes from XFree86 for the patches and notification of these issues. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of this issue. Red Hat would like to thank Ulf Härnhammar for disclosing and providing test cases and patches for these issues. Red Hat would like to thank Ulf Härnhammar for disclosing and providing test cases and patches for these issues. Red Hat would like to thank Stefan Esser for notifying us of this issue and Derek Price for providing an updated patch. Red Hat would like to thank Derek Price for auditing, disclosing, and providing a patch for this issue. Red Hat would like to thank iSEC Security Research for disclosing this issue and a number of vendor-sec participants for reviewing and working on the patch to this issue. Red Hat would like to thank Stefan Esser and Sebastian Krahmer for auditing, disclosing, and providing a patch for this issue. Red Hat would like to thank Stefan Esser and Sebastian Krahmer for auditing, disclosing, and providing a patch for this issue. Red Hat would like to thank Stefan Esser and Sebastian Krahmer for auditing, disclosing, and providing a patch for this issue. Red Hat would like to thank Chris Evans for discovering these issues. Red Hat would like to thank Chris Evans for discovering this issue. Red Hat would like to thank Chris Evans for discovering these issues. Red Hat would like to thank Sebastian Krahmer for auditing, disclosing, and providing a patch for this issue. Red Hat would like to thank iDefense for their responsible disclosure of this issue. Red Hat would like to thank iDefense for their responsible disclosure of this issue. Red Hat would like to thank the MIT Kerberos Development Team and Gaël Delalleau for their responsible disclosure of this issue. Red Hat would like to thank the MIT Kerberos Development Team and Daniel Wachdorf for their responsible disclosure of this issue. Red Hat would like to thank the MIT Kerberos Development Team and Daniel Wachdorf for their responsible disclosure of this issue. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of this issue. Red Hat would like to thank Derek B. Noonburg for reporting this issue and providing a patch. Red Hat would like to thank Derek B. Noonburg for reporting this issue and providing a patch. Red Hat would like to thank Derek B. Noonburg for reporting this issue and providing a patch. Red Hat would like to thank Chris Evans for reporting this issue. Red Hat would like to thank Chris Evans for reporting this issue. Red Hat would like to thank Chris Evans for reporting this issue. Red Hat would like to thank Chris Evans for reporting this issue. Red Hat would like to thank Dirk Mueller for reporting this issue. Red Hat would like to thank iDefense for reporting this issue. Red Hat would like to thank Solar Designer for reporting this issue. Red Hat would like to thank Dirk Mueller for reporting this issue and providing a patch. Red Hat would like to thank Tavis Ormandy of the Google Security Team for reporting this issue. Red Hat would like to thank Kirill Korotaev for reporting this issue. Red Hat would like to thank Barry Warsaw for disclosing this vulnerability. Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Red Hat would like to thank Stephane Eranian for reporting this issue. Red Hat would like to thank Wei Wang of McAfee Avert Labs for reporting this issue. Red Hat would like to thank Olof Johansson for reporting this issue. Red Hat would like to thank Dmitriy Monakhov for reporting this issue. Red Hat would like to thank Kostantin Khorenko for reporting this issue. Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for this issue. Red Hat would like to thank Kostantin Khorenko for reporting this issue. Red Hat would like to thank Ludwig Nussel for reporting this issue. Red Hat would like to thank Ludwig Nussel for reporting this issue. Red Hat would like to thank Ludwig Nussel for reporting this issue. Red Hat would like to thank Fridrich Štrba and iDefense for alerting us to this issue. Red Hat would like to thank Daniel Roethlisberger for reporting this issue. Red Hat would like to thank John Heasman for reporting this issue. Red Hat would like to thank the SWsoft Virtuozzo/OpenVZ Linux kernel team for reporting this issue. Red Hat would like to thank MIT for reporting this issue. Red Hat would like to thank MIT and iDefense for reporting this issue. Red Hat would like to thank Ulf Härnhammar of Secunia Research for reporting this issue. Red Hat would like to thank MIT for reporting this issue. Red Hat would like to thank Core Security Technologies for reporting this issue. Red Hat would like to thank iDefense for reporting this issue. Red Hat would like to thank Ilja van Sprundel for reporting this issue. Red Hat would like to thank Fridrich Štrba and iDefense for alerting us to this issue. Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues. Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues. Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for this issue. Red Hat would like to thank the Samba developers, TippingPoint, and iDefense for reporting these issues. Red Hat would like to thank the Samba developers, TippingPoint, and iDefense for reporting these issues. Red Hat would like to thank JLANTHEA for reporting this issue. Red Hat would like to acknowledge Tim Brown of Portcullis Computer Security and Dirk Mueller for these issues. Red Hat would like to thank Dmitry V. Levin for reporting this issue. Red Hat would like to thank Robert Buchholz for reporting this issue. Red Hat would like to thank Rick King for responsibly disclosing this issue. Red Hat would like to thank Alin Rad Pop for reporting this issue. Red Hat would like to credit iDefense and Neil Kettle for reporting this issue. Red Hat would like to thank the Samba developers for responsibly disclosing this issue. Red Hat would like to thank Wojciech Purczynski for reporting this issue. Red Hat would like to credit Chris Evans for reporting this issue. Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing this issue. Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues. Red Hat would like to thank Josh Lange for reporting this issue. Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. Red Hat would like to thank the Google Security Team for responsibly disclosing this issue. Red Hat would like to thank Tim Baum for reporting this issue. Red Hat would like to thank Nick Piggin for responsibly disclosing this issue. Red Hat would like to thank "regenrecht" for reporting this issue. Red Hat would like to thank MIT for reporting this issue. Red Hat would like to thank MIT for reporting this issue. Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding and reporting this issue. Red Hat would like to thank Will Drewry for reporting these issues. Red Hat would like to thank Will Drewry for reporting these issues. Red Hat would like to thank Tavis Ormandy of the Google Security Team for reporting this issue. Red Hat would like to thank MIT and Jeff Altman of Secure Endpoints for reporting this issue. Red Hat would like to thank MIT for reporting this issue. Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. Red Hat would like to thank Aleksander Adamowski for reporting this issue. Red Hat would like to thank Dan Kaminsky for reporting this issue. Red Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting these issues. Red Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting these issues. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank Chris Evans and oCERT for reporting this vulnerability. Red Hat would like to thank Sebastian Krahmer for responsibly disclosing this issue. Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue. Red Hat would like to thank Justin Cappos and Justin Samuel for discussing various package update mechanism flaws which led to our discovery of this issue. Red Hat would like to thank Andreas Solberg for responsibly disclosing this issue. Red Hat would like to thank "regenrecht" for reporting this issue. Red Hat would like to thank "regenrecht" for reporting this issue. Red Hat would like to thank "regenrecht" for reporting this issue. Red Hat would like to thank Stéphane Bertin for responsibly disclosing this issue. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Credit: Google Security Team (for the original OpenSSL issue), Florian Weimer for spotting that BIND9 was vulnerable. Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team for responsibly reporting these flaws. Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team for responsibly reporting these flaws. Red Hat would like to thank Aaron Sigel of the Apple Product Security team and iDefense for responsibly reporting this flaw. Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team for responsibly reporting this flaw. Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly reporting this flaw. Red Hat would like to thank Ludwig Nussel for reporting this flaw responsibly. Red Hat would like to thank Ludwig Nussel for reporting this flaw responsibly. Red Hat would like to thank Chris Evans from the Google Security Team for reporting this issue. Red Hat would like to thank Chris Evans from the Google Security Team for reporting these issues. Red Hat would like to thank Chris Evans from the Google Security Team for reporting these issues. Red Hat would like to thank Erik Sjölund for reporting this issue. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting these flaws. Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting these flaws. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting these flaws. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw. Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw. Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw. Red Hat would like to thank Will Drewry for reporting this issue. Red Hat would like to thank Swen van Brussel for reporting this issue. Red Hat would like to thank Tavis Ormandy of the Google Security Team for responsibly reporting this flaw. Red Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting this flaw. Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting this flaw. Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting this flaw. Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting this issue. Red Hat would like to thank Adam Zabrocki for reporting this issue. Red Hat would like to thank Chris Rohlf for reporting this issue. Red Hat would like to thank Simon Vallet for responsibly reporting this issue. Red Hat would like to thank Stefan Cornelius of Secunia Research for reporting this flaw. Red Hat would like to thank Rafael Dominguez Vega for reporting this issue. Red Hat would like to thank Christian Johansson of Bitsec AB and Thomas Biege of the SUSE Security Team for independently reporting this issue. Red Hat would like to thank Tavis Ormandy of Google Security Team for reporting this issue. Red Hat would like to thank STMicroelectronics for responsibly reporting this issue. Red Hat would like to thank Aki Helin of the Oulu University Secure Programming Group for responsibly reporting this flaw. Red Hat would like to thank Telesys Software for responsibly reporting this issue. Red Hat would like to thank CERT-FI for responsibly reporting this flaw, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issue. Red Hat would like to thank CERT-FI for responsibly reporting this flaw, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issue. Red Hat would like to thank Mathias Krause for reporting this issue. Red Hat would like to thank Sebastian Krahmer for reporting this issue. Red Hat would like to thank Ramon de C. Valle for reporting this issue. Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Sebastian Krahmer of SuSE Security Team for responsibly reporting this issue. Red Hat would like to thank the Apple Product Security team for responsibly reporting this issue. Upstream acknowledges Adrian 'pagvac' Pastor of GNUCITIZEN and Tim Starling as the original reporters. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank the Apple Product Security team for responsibly reporting this issue. Upstream acknowledges regenrecht as the original reporter. Red Hat would like to thank Jakob Lell for responsibly reporting this issue. Red Hat would like to thank Daniel Stenberg for responsibly reporting this issue. Upstream acknowledges Wesley Miaw as the original reporter. Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded Security for responsibly reporting this issue. Red Hat would like to thank the Debian Security Team for reporting this issue. The Debian Security Team acknowledges Ronald Volgers as the original reporter. Red Hat would like to thank Dan Rosenberg for responsibly reporting these flaws. Red Hat would like to thank Dan Rosenberg for responsibly reporting these flaws. MITRE has rejected the use of CVE-2009-3297 because it was used for samba, ncpfs, and fuse when it should only have been used for Samba. Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter. Red Hat would like to thank Marcus Meissner for reporting this issue. Red Hat would like to thank Neil Brown for reporting this issue. Red Hat would like to thank Ang Way Chuang for reporting this issue. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Ralf Philipp Weinmann working with TippingPoint's Zero Day Initiative as the original reporter. Red Hat would like to thank John Sullivan for responsibly reporting this flaw. Red Hat would like to thank Todd C. Miller, the upstream sudo maintainer, for responsibly reporting this issue. Upstream acknowledges Valerio Costamagna as the original reporter. Red Hat would like to thank Tim Bunce for responsibly reporting this issue. Upstream acknowledges Nick Cleaton as the original reporter. Red Hat would like to thank Tim Bunce for responsibly reporting this issue. Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for reporting this issue. Red Hat would like to thank the MIT Kerberos Team for responsibly reporting this issue. Upstream acknowledges Shawn Emery of Oracle as the original reporter. Red Hat would like to thank the MIT Kerberos Team for reporting this issue. Upstream acknowledges Mike Roszkowski as the original reporter. Red Hat would like to thank the MIT Kerberos Team for reporting this issue. Red Hat would like to thank the MIT Kerberos Team for reporting this issue. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Matthieu Bonetti of VUPEN Vulnerability Research Team as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges regenrecht working with iDefense as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative, as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative, as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Ojan Vafai of Google Inc. as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Aki Helin of OUSPG as the original reporter. Red Hat would like to thank Apple Product Security for responsibly reporting this flaw, who credit Kevin Finisterre of digitalmunition.com for the discovery of the issue. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Dave Bowker of davebowker.com as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Mark Dowd of Azimuth Security as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Aki Helin of OUSPG as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509 as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges kuzzcc, and Skylined of Google Chrome Security Team, as the original reporters. Red Hat would like to thank Mario Mikocevic for responsibly reporting this issue. Red Hat would like to thank Tim Bunce for responsibly reporting this flaw. Upstream credits also Rafaël Garcia-Suarez for discovering of this issue. Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Pierre Noguès of Meta Security as the original reporter. Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue. Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue. Red Hat would like to thank Anders Kaseorg and Evan Broder of Ksplice, Inc. for responsibly reporting this issue. Red Hat would like to thank the Apple Product Security team for responsibly reporting this flaw. Upstream acknowledges Luca Carettoni as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative, as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Yaar Schnitman of Google Inc. as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Mark Dowd as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges James Robinson of Google Inc. as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Skylined of Google Chrome Security Team as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative, as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Justin Schuh as the original reporter. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509 as the original reporter. Red Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues. Red Hat would like to thank Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team for responsibly reporting this issue. Red Hat would like to thank Meder Kydyraliev of Google Security Team for responsibly reporting this issue. Red Hat would like to thank the Samba team for responsibly reporting this issue. Upstream acknowledges Jun Mao as the original reporter. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank the Vulnerability Research Team at TELUS Security Labs and Fujita Tomonori for responsibly reporting these flaws. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Doug Knight of University of Alaska for reporting this issue. Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Rafal Wojtczuk as the original reporter. Red Hat would like to thank Jeremy Nickurak for reporting this issue. Red Hat would like to thank Andre Osterhues for reporting this issue. Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of this issue. Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of this issue. Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of this issue. Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of this issue. Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of these issues. Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue. Red Hat would like to thank the Evince development team for reporting this issue. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter. Red Hat would like to thank the Evince development team for reporting this issue. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter. Red Hat would like to thank the Evince development team for reporting this issue. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter. Red Hat would like to thank the Evince development team for reporting this issue. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter. Red Hat would like to thank Grant Diffey of CenITex for reporting this issue. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Ted Brunell for reporting this issue. Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Toshiyuki Okajima for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Robert Swiecki of Google Security Team for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Ben Hawkes for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Mark Sapiro for reporting these flaws. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Ben Hawkes for reporting this issue. Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original reporters. Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original reporters. Red Hat would like to thank Raphael Geissert for reporting this issue. Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter. Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter. Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter. Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter. Red Hat would like to thank Dmitri Gribenko for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter. Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original reporters. Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original reporters. Red Hat would like to thank Ralph Loader for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Ben Hawkes and Tavis Ormandy for reporting this issue. Red Hat would like to thank Brad Spengler for reporting this issue. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Ole Husgaard of eXerp.com for reporting this issue. Red Hat would like to thank Rob Hulswit for reporting this issue. Red Hat would like to thank Thomas Pollet for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Nelson Elhage for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Dan Rosenberg of Virtual Security Research for reporting this issue. Red Hat would like to thank the Google Security Team for reporting this issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter. Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. Red Hat would like to thank the MIT Kerberos Team for reporting this issue. Red Hat would like to thank the MIT Kerberos Team for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall and Kees Cook for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Steve Chen for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Leif Nixon for reporting this issue. Red Hat would like to thank Vladymyr Denysov for reporting this issue. Red Hat would like to thank Alan Cox for reporting this issue. Red Hat would like to thank Brad Spengler for reporting this issue. Red Hat would like to thank Vegard Nossum for reporting this issue. Red Hat would like to thank Vegard Nossum for reporting this issue. Red Hat would like to thank Nelson Elhage for reporting this issue. Red Hat would like to thank Kosuke Tatsukawa for reporting this issue. Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue. Red Hat would like to thank Sebastian Krahmer for reporting this issue. Red Hat would like to thank the TippingPoint Zero Day Initiative project for reporting this issue. The original issue reporter wishes to stay anonymous. Red Hat would like to thank Stephan Mueller of atsec information security for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Stu Tomlinson as the original reporter. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank OpenOffice.org for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. Red Hat would like to thank Phil Pennock for reporting this issue. Red Hat would like to thank Mozilla Security Team for reporting this issue. Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. Red Hat would like to thank Apple Product Security for reporting this issue. Red Hat would like to thank the MIT Kerberos project for reporting this issue. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter. Red Hat would like to thank the MIT Kerberos project for reporting this issue. Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The CERT/CC acknowledges Wietse Venema as the original reporter. Red Hat would like to thank Internet Systems Consortium for reporting this issue. Red Hat would like to thank Maksymilian Arciemowicz for reporting this issue. Red Hat would like to thank Nico Golde of Debian Security Team for reporting this issue. Debian Security Team acknowledges 'Teeed' as the original issue reporter. Red Hat would like to thank Matthieu Herrb for reporting this issue. Upstream acknowledges Sebastian Krahmer of the SuSE Security Team as the original reporter. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. Red Hat would like to thank Andrew Kerr for reporting this issue. Red Hat would like to thank Mark Sapiro for reporting these flaws. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Rafael Dominguez Vega for reporting this issue. Red Hat would like to thank Adam Prince for reporting this issue. Red Hat would like to thank Hyrum Wright of the Apache Subversion project for reporting this issue. Upstream acknowledges Philip Martin, WANdisco, Inc. as the original reporter. Red Hat would like to thank Thomas Biege of the SuSE Security Team for reporting this issue. Red Hat would like to thank Thomas Biege of the SuSE Security Team for reporting this issue. Red Hat would like to thank the Samba team for reporting this issue. Upstream acknowledges Volker Lendecke of SerNet as the original reporter. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue. Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue. Red Hat would like to thank Nelson Elhage for reporting this issue. Red Hat would like to thank Timo Warns for reporting this issue. Red Hat would like to thank Tavis Ormandy for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Nelson Elhage for reporting this issue. Red Hat would like to thank Nelson Elhage for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Marius Wachtler as the original reporter. Red Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting this issue. Red Hat would like to thank Wayne Davison and Matt McCutchen for reporting this issue. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. Red Hat would like to thank Peter Huewe for reporting this issue. Red Hat would like to thank Timo Warns for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Julien Tinnes of Google Security Team for reporting this issue. Red Hat would like to thank Nicolas Grégoire and Aleksey Sanin for reporting this issue. Red Hat would like to thank Ryan Sweat for reporting this issue. Red Hat would like to thank Martin Kouba from IT SYSTEMS a.s. for reporting this issue. Red Hat would like to thank Neel Mehta of Google for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank the MIT Kerberos project for reporting this issue. Upstream acknowledges Tim Zingelman as the original reporter. Red Hat would like to thank the MIT Kerberos project for reporting this issue. Upstream acknowledges Andrej Ota as the original reporter. Red Hat would like to thank the MIT Kerberos project for reporting this issue. Red Hat would like to thank Ryan Sweat for reporting this issue. Red Hat would like to thank Timo Warns for reporting this issue. Red Hat would like to thank Robert Swiecki for reporting this issue. Red Hat would like to thank Thomas Biege of the SuSE Security Team for reporting this issue. Red Hat would like to thank Cendio AB for reporting this issue. Cendio AB acknowledges an anonymous contributor working with the SecuriTeam Secure Disclosure program as the original reporter. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank the CERT/CC for reporting CVE-2011-1720. Upstream acknowledges Thomas Jarosch of Intra2net AG as the original reporter. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Oliver Hartkopp for reporting this issue. Red Hat would like to thank Nelson Elhage for reporting this issue. Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Joe Schaefer of Apache Software Foundation as the original reporter. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Timo Warns for reporting this issue. Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Ivan Zhakov of VisualSVN as the original reporter. Red Hat would like to thank the Ubuntu Security Team for reporting these issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters. Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters. Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Dan Rosenberg and Marc Deslauriers as the original reporters. Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Marc Deslauriers as the original reporter. Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall as the original reporter. Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Kamesh Jayachandran of CollabNet, Inc. as the original reporter. Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Billy Bob Brumley and Nicola Tuveri as the original reporters. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. Red Hat would like to thank Andrea Righi for reporting this issue. Red Hat would like to thank the ObjectWorks+ Development Team at Nomura Research Institute for reporting this issue. Red Hat would like to thank Clement Lecigne for reporting this issue. Red Hat would like to thank Nelson Elhage for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Mark Doliner as the original reporter. Red Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting this issue. Red Hat would like to thank Vasily Averin for reporting this issue. Red Hat would like to thank Marek Kroemeke and Filip Palian for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Robert Swiecki for reporting this issue. Red Hat would like to thank Dan Rosenberg for reporting this issue. Red Hat would like to thank Peter Robinson for reporting this issue. Red Hat would like to thank Marco Slaviero of SensePost for reporting this issue. Red Hat would like to thank Li Yu for reporting this issue. Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter. Red Hat would like to thank the Apache Tomcat project for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION as the original reporter. Red Hat would like to thank Fernando Gont for reporting this issue. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. Red Hat would like to thank Brent Meshier for reporting this issue. Red Hat would like to thank Daniel Karanja Muturi for reporting this issue. Red Hat would like to thank Nils Juenemann and The Bearded Warriors for independently reporting this issue. Red Hat would like to thank Nils Juenemann for reporting this issue. Red Hat would like to thank Christopher Hartley of The Ohio State University for reporting this issue. Red Hat would like to thank the Pidgin project for reporting this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ken Russell of Google as the original reporter. Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter. Red Hat would like to thank Kees Cook of Google ChromeOS Team for reporting this issue. Red Hat would like to thank Kees Cook of Google ChromeOS Team for reporting this issue. Red Hat would like to thank Dan Kaminsky for reporting this issue. Red Hat would like to thank Darren Lavender for reporting this issue. Red Hat would like to thank Matt McCutchen for reporting this issue. Red Hat would like to thank Greg Banks for reporting this issue. Red Hat would like to thank Yasuaki Ishimatsu for reporting this issue. Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters. Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters. Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters. Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters. Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters. Red Hat would like to thank Sylvain Maes for reporting this issue. Red Hat would like to thank Somnath Kotur for reporting this issue. Red Hat would like to thank Yogesh Sharma for reporting this issue. Red Hat would like to thank Matt McCutchen for reporting this issue. Red Hat would like to thank Context Information Security for reporting this issue. Red Hat would like to thank Cyrus IMAP project for reporting this issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter. Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Paul Wouters as the original reporter. Red Hat would like to thank Kevan Carstensen for reporting this issue. Red Hat would like to thank Gideon Naim for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue. Red Hat would like to thank David Black for reporting this issue. Red Hat would like to thank David Black for reporting this issue. Red Hat would like to thank Zheng Liu for reporting this issue. Red Hat would like to thank the Puppet team for reporting this issue. Upstream acknowledges Ricky Zhou as the original reporter. Red Hat would like to thank researcher with a nickname vladz for reporting this issue. Red Hat would like to thank researcher with a nickname vladz for reporting this issue. Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin of the information security group at ETH Zurich as the original reporters. Red Hat would like to thank Nick Bowler for reporting this issue. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank Jan Iven for reporting this issue. Red Hat would like to thank Shubham Goyal for reporting this issue. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. Red Hat would like to thank Andy Adamson for reporting this issue. Red Hat would like to thank Clement Lecigne for reporting this issue. Red Hat would like to thank William Hoffmann for reporting this issue. Red Hat would like to thank Sasha Levin for reporting this issue. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank Jonathan Foote of the CERT Coordination Center for reporting this issue. Red Hat would like to thank Tyler Krpata for reporting this issue. Red Hat would like to thank Tetsuo Handa for reporting this issue. Upstream acknowledges Mathieu Desnoyers as the original reporter. Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Evgeny Boger as the original reporter. Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Thijs Alkemade as the original reporter. Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Diego Bauche Madero from IOActive as the original reporter. Red Hat would like to thank Paul Kot for reporting this issue. Red Hat would like to thank Christian Schlüter (VIADA) for reporting this issue. Red Hat would like to thank NTT OSSC for reporting this issue. Red Hat would like to thank Maynard Johnson for reporting this issue. Red Hat would like to thank Masaki Tachibana for reporting this issue. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank Nicolae Mogoreanu for reporting this issue. Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Dan Fandrich as the original reporter. Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue. Red Hat would like to thank Wang Xi for reporting this issue. Red Hat would like to thank Chen Haogang for reporting this issue. Red Hat would like to thank Stephan Bärwolf for reporting this issue. Red Hat would like to thank Jüri Aedla for reporting this issue. Red Hat would like to thank Simon McVittie for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Rafal Wojtczuk as the original reporter. Red Hat would like to thank the Xen for reporting this issue. Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter. Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter. Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter. Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa and Lasse Ylivainio of Codenomicon's CROSS project as the original reporters. Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa and Lasse Ylivainio of Codenomicon's CROSS project as the original reporters. Red Hat would like to thank the Mozilla project for reporting these issues. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin from OUSPG as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen from OUSPG as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anne van Kesteren of Opera Software as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges wushi of team509 via iDefense as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Matias Juntunen as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel and Eddy Bordi, and Chris McGowen as the original reporters. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ms2ger as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeroen van der Gun as the original reporter. Red Hat would like to thank Andrew Lutomirski for reporting this issue. Red Hat would like to thank Todd C. Miller for reporting this issue. Upstream acknowledges joernchen of Phenoelit as the original reporter. Red Hat would like to thank Graham Leggett for reporting this issue. Red Hat would like to thank Thomas Swan of FedEx for reporting this issue. Red Hat would like to thank the Samba team for reporting this issue. Upstream acknowledges Andy Davis of NGS Secure as the original reporter. Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue. This issue was discovered by David Jorm of the Red Hat Security Response Team. Red Hat would like to thank Kees Cook for reporting this issue. Red Hat would like to thank Ludwig Nussel of the SUSE security team for reporting this issue. Red Hat would like to thank H. Peter Anvin for reporting this issue. This issue was discovered by Dominic Cleal of Red Hat Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue. Upstream acknowledges Tielei Wang via Secunia SVCRP as the original reporter of this issue. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank Timo Warns for reporting this issue. Red Hat would like to thank Timo Warns for reporting this issue. Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue. Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue. Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa and Lasse Ylivainio of Codenomicon's CROSS project as the original reporters. Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Denis Ovsienko as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya of Google as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Adam Barth as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Paul Stone as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Arthur Gerkis as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Smith, Gary Kwong, Christian Holler, Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey as the original reporters. These flaws affected Firefox 13. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Mario Gomes and research firm Code Audit Labs as the original reporters of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google security researcher Abhishek Arya as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Mariusz Mlynski as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Mariusz Mlynski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Mario Heiderich as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Arthur Gerkis as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developer Bobby Holley as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google developer Tony Payne as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developer Frédéric Buclin as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Bill Keese as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Karthikeyan Bhargavan of Prosecco at INRIA as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security Researcher Matt McCutchen for reporting this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researchers Mario Gomes and Soroush Dalili as the original reporters of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith as the original reporters. These flaws affected Firefox 14. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Ivano Cristofolini as the original reporter of this issue. Red Hat would like to thank Vadim Ponomarev for reporting this issue. Red Hat would like to thank Shachar Raindel for reporting this issue. Red Hat would like to thank Ronald van Zantvoort for reporting this issue. Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of this issue. This issue was discovered by the Red Hat Security Response Team. Red Hat would like to thank Stephan Mueller for reporting this issue. Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Codenomicon as the original reporter. Upstream acknowledges Sven Jacobi as the original reporter of this issue. This issue was discovered by Li Honggang of Red Hat. This issue was discovered by Jian Li of Red Hat. This issue was discovered by Red Hat. Red Hat would like to thank the Apache CXF project for reporting this issue. Red Hat would like to thank the Apache CXF project for reporting this issue. Red Hat would like to thank Xinli Niu for reporting this issue. Upstream acknowledges Timo Warns as the original reporter of this issue. This issue was discovered by Marek Schmidt and Stan Silvert of Red Hat. This issue was discovered by Paul Wouters of Red Hat. These issues were discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. These issues were discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. Red Hat would like to thank Ray Rocker for reporting this issue. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters. Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program for reporting this issue. Red Hat would like to thank Joseph Sheridan of Reaction Information Security for reporting this issue. Red Hat would like to thank Chris Evans of the Google Security Team for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter. Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter. Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter. Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Yunho Kim as the original reporter. Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Yunho Kim as the original reporter. Red Hat would like to thank Dan Fandrich for reporting this issue. Red Hat would like to thank Dan Fandrich for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank Joseph Sheridan for reporting this issue. Red Hat would like to thank George Hedfors of Cybercom Sweden East AB for reporting this issue. This issue was discovered by Carlo de Wolf of Red Hat. This issue was discovered by Carlo de Wolf of Red Hat. Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Ulf Härnhammar as the original reporter. Red Hat would like to thank Jim Meyering for reporting this issue. Upstream acknowledges Stefano Lattarini as the original reporter. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this issue. This issue was discovered by the Red Hat Security Response Team. Red Hat would like to thank Chamal De Silva for reporting this issue. This issue was discovered by Aleksandar Kostadinov of the Red Hat QE Team. This issue was discovered by Arun Neelicattu of the Red Hat Security Response Team. Red Hat would like to thank Sigbjorn Lie of the Atea Norway for reporting this issue. This issue was discovered by the Red Hat InfiniBand team. This issue was discovered by Steven Hawkins of Red Hat. Red Hat would like to thank the Xen for reporting this issue. Red Hat would like to thank the Xen for reporting this issue. Red Hat would like to thank the Apache CXF project for reporting this issue. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. Red Hat would like to thank Matthias Weckbecker of the SUSE Security Team for reporting this issue. Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Peter Eisentraut as the original reporter. Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter. Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter. Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter. Red Hat would like to thank Alexander Peslyak for reporting this issue. Upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9 References: http://bugzilla.openvz.org/show_bug.cgi?id=2294 Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank Pablo Neira Ayuso for reporting this issue. Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue. These issues were discovered by Trevor Jay of Red Hat Quality Engineering penetration testing. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. This issue was discovered by James Laska of Red Hat. Red Hat would like to thank Thomas Biege of SUSE for reporting this issue. Red Hat would like to thank Dolph Mathews for reporting this issue. Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Red Hat would like to thank Hafid Lin for reporting this issue. Upstream acknowledges Markus Hietava of Codenomicon CROSS project as the original reporter of this issue. Upstream acknowledges Markus Hietava of Codenomicon CROSS project as the original reporter of this issue. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Puppet Labs for reporting this issue. Upstream acknowledges Glen Eustace of Massey University, New Zealand, as the original reporter of this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Mariusz Mlynski as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frédéric Hoguin as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Arthur Gerkis as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Christoph Diehl as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Nicolas Grégoire as the original reporter of this flaw. Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-65.html Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla security researcher Mark Goodwin as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla security researcher Masato Kinugawa as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla security researcher vsemozhetbyt as the original reporter of this flaw. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security Security researcher Mark Poticha as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security Mozilla security researcher moz_bug_r_a4 as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security Security researcher Colby Russell as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler and Jesse Ruderman as the original reporters. These flaws affect Firefox 10.0.7 ESR and Firefox 15. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Bloom of Cue as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Johnny Stenback as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Soroush Dalili as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alice White as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gareth Heyes as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski, moz_bug_r_a4 and Antoine Delignat-Lavaud as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen from OUSPG as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges kakzz.ng@gmail.com as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Scott Bell as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gabor Krizsanits as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Peter Van der Beken as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. Red Hat would like to thank Tetsuo Handa for reporting this issue. Red Hat would like to thank Marc Schönefeld for reporting this issue. Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank Dolph Mathews for reporting this issue. These issues were discovered by Kurt Seifried of Red Hat, and Jim Meyering. This issue was discovered by Wenlong Huang of the Red Hat Virtualization QE Team. Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue. This issue was discovered by Murray McAllister of Red Hat Security Response Team. Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting this issue. Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Noriko Hosoi of Red Hat. This issue was discovered by Karel Volný of the Red Hat Quality Engineering team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. Red Hat would like to thank Jon Howell for reporting this issue. This issue was discovered by Daniel Horak of the Red Hat Enterprise MRG Quality Engineering Team. This issue was discovered by Vit Ondruch of Red Hat. This issue was discovered by Tomas Mraz of Red Hat. This issue was discovered by the Red Hat Security Response Team. Red Hat would like to thank Theodore Ts'o for reporting this issue. Upstream acknowledges Dmitry Monakhov as the original reporter. Upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dee1f973ca341c266229faa5a1a5bb268bed3531 Red Hat would like to thank Vincent Untz for reporting this issue. This issue was discovered by Florian Weimer of Red Hat Product Security Team. This issue was discovered by Florian Weimer of Red Hat Product Security Team and Kurt Seifried of the Red Hat Security Response Team. Red Hat would like to thank the upstream Django project for reporting this vulnerability. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank Arthur Gerkis for reporting this issue. This issue was discovered by Paolo Bonzini of Red Hat. Red Hat would like to thank the Xen project for reporting this issue. This issue was discovered by Marko Myllynen of Red Hat. This issue was discovered by Arun Neelicattu of the Red Hat Security Response Team. This issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team. Red Hat would like to thank Patrick Raspante and Ryan Millay of GDC4S for reporting this issue. Red Hat would like to thank Patrick Raspante and Ryan Millay of GDC4S for reporting this issue. This issue was discovered by Huzaifa S. Sidhpurwala of Red Hat Security Response Team. This issue was discovered by Rodrigo Freire of Red Hat. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Gabe Westmaas as the original reporter of CVE-2012-4573. This issue was discovered by Kurt Seifried of the Red Hat Security Response Team. Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Tim Brown as the original reporter. This issue was discovered by Kurt Seifried of Red Hat Security Response Team. This issue was discovered by Kurt Seifried of Red Hat Security Response Team. This issue was discovered by Derek Horton of Red Hat. This issue was discovered by Kurt Seifried of the Red Hat Security Response Team. Red Hat would like to thank Petr Menšík for reporting this issue. This issue was discovered by Aaron Weitekamp of the Red Hat Cloud Quality Engineering team. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. This issue was discovered by Allon Mureinik of Red Hat. This issue was discovered by Dan Kenigsberg of Red Hat. Red Hat would like to thank SUSE Security Team for reporting this issue. SUSE Security Team acknowledges Thomas Biege of SUSE as the original issue reporter. Red Hat would like to thank Hideharu Ohkuma of Ricoh Company for reporting these issues. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. Red Hat would like to thank Stefan Bühler for reporting this issue. Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc. as the original reporter. This issue was discovered by Aaron Weitekamp of the Red Hat Cloud Quality Engineering team. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Anndy as the original reporter. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Vijaya Erukala as the original reporter. Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting this issue. This issue was discovered by Huzaifa S. Sidhpurwala of Red Hat Security Response Team. This issue was discovered by Lukas Zapletal of Red Hat. This issue was discovered by Og Maciel of Red Hat. This issue was discovered by James Labocki of Red Hat. This issue was discovered by Red Hat. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Eric Windisch as the original reporter of CVE-2012-5625. Red Hat would like to thank the Xen project for reporting this issue. These issues were discovered by Kurt Seifried of the Red Hat Security Response Team and Michael Scherer of the Red Hat Regional IT team. This issue was discovered by Red Hat. This issue was discovered by Michael Scherer of the Red Hat Regional IT team. This issue was discovered by Michael Scherer of the Red Hat Regional IT team. This issue was discovered by Miloslav Trmač of Red Hat. Red Hat would like to thank Martin Carpenter of Citco for reporting this issue. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jonathan Stephens as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill McCloskey as the original reporter. This issue was discovered by Andrew Cathrow of Red Hat. This issue was discovered by Dominic Cleal and James Laska of Red Hat. This issue was discovered by James Laska of Red Hat. This issue was discovered by Tomas Sedovic of Red Hat. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. This issue was discovered by Michael Scherer of the Red Hat Regional IT team. This issue was discovered by Michael Scherer of the Red Hat Regional IT team. This issue was discovered by Ondrej Machacek of Red Hat. This issue was discovered by Tingting Zheng of Red Hat. Red Hat would like to thank the Andrew Cooper of Citrix for reporting this issue. Red Hat would like to thank Martin Kosek of Red Hat for reporting this issue. This issue was discovered by Tim Waugh of Red Hat. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day as the original reporter. This issue was discovered by Dan Prince of Red Hat. Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter. Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. This issue was discovered by Arun Neelicattu of the Red Hat Security Response Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. These issues were discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Andrew Jones of Red Hat. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank Simon McVittie for reporting this issue. This issue was discovered by Dan Prince of Red Hat. Red Hat would like to that Daniel Stenberg of cURL project for reporting of this issue. Upstream acknowledges researcher known as Volema as the original issue reporter. Red Hat would like to thank the Qt project for reporting this issue. Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters. Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Sumit Soni via Secunia SVCRP as the original issue reporter. Red Hat would like to thank Eric Hodel of RDoc upstream for reporting this issue. Upstream acknowledges Evgeny Ermakov as the original issue reporter. This issue was discovered by Kurt Seifried of the Red Hat Security Response Team. This issue was discovered by Trevor McKay of Red Hat. This issue was discovered by Derek Higgins of the Red Hat OpenStack team. Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben Murphy as the original reporters. This issue was discovered by Dan Prince of Red Hat. Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Chris Wysopal of Veracode as the original issue reporter. Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Daniel Atallah as the original reporter. Red Hat would like to thank the Pidgin project for reporting this issue. Red Hat would like to thank the Pidgin project for reporting this issue. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Nathanael Burton (National Security Agency) as the original reporter. This issue was discovered by Kaushik Banerjee of Red Hat. Red Hat would like to thank Garth Mollett for reporting this issue. This issue was discovered by Mike Burns of Red Hat. This issue was discovered by Thierry Bordaz of Red Hat. This issue was discovered by Nick Scavelli of Red Hat. This issue was discovered by Arun Neelicattu and David Jorm of the Red Hat Security Response Team. Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Lawrence Pit of Mirror42 as the original reporter. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) as the original, independent reporters. This issue was discovered by Sumit Bose of Red Hat. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Olli Pettay as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Ruderman as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Ruderman as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, Scoobidiver, Jesse Ruderman and Julian Seward as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges pa_kt as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sviatoslav Chagaev as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jerry Baker as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frederik Braun as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michal Zalewski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, and Wayne Mery as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alon Zakai, Christian Holler, Gary Kwong, Jesse Ruderman, Luke Wagner, Terrence Cole, Timothy Nikkel, Olli Pettay, Bill McCloskey, and Nicolas Pierron as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Randell Jesup, Gary Kwong, Jesse Ruderman, Christian Holler, and Mats Palmgren as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ambroz Bizjak as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tobias Schula as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, and Jeff Walden as the original reporter. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Perl project for reporting this issue. Upstream acknowledges Yves Orton as the original issue reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ms2ger as the original reporter. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter. This issue was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team. Red Hat would like to thank Andrew Honig of Google for reporting this issue. Red Hat would like to thank Andrew Honig of Google for reporting this issue. Red Hat would like to thank Andrew Honig of Google for reporting this issue. This issue was discovered by Derek Higgins of the Red Hat OpenStack team. Red Hat would like to thank Finke Lamein for reporting this issue. This issue was discovered by Sureshkumar Thirugnanasambandan of the Red Hat Quality Engineering Team. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Vish Ishaya (Nebula) as the original reporter. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Stuart McLaren (HP) as the original reporter. Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Alexander Klink as the original reporter of this flaw. Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Ben Reser as the original reporter of this flaw. Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Philip Martin and Ben Reser as the original reporter of this flaw. Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Ben Murphy as the original reporter. Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Charlie Somerville as the original reporter. Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Alan Jenkins as the original reporter. Red Hat would like to thank Alyssa Milburn for reporting this issue. Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Guang Yee (HP) as the original reporter. Red Hat would like to thank the Apache Subversion for reporting this issue. Upstream acknowledges Greg McMullin, Stefan Fuhrmann, Philip Martin and Ben Reser as the original reporters of this flaw. This issue was discovered by Martin Kosek of Red Hat. Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Mitsumasa Kondo and Kyotaro Horiguchi as the original issue reporters. Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Marko Kreen as the original issue reporter. Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original issue reporter. Red Hat would like to thank Willy Tarreau of HAProxy upstream for reporting this issue. Upstream acknowledges Yves Lafon from the W3C as the original reporter. Red Hat would like to thank the Xen for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. Red Hat would like to thank the Xen for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. This issue was found by Daniel Berrange of Red Hat. This issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team. This issue was discovered by the Red Hat Security Response Team. This issue was found by David Airlie and Peter Hutterer of Red Hat. Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges YAMADA Yasuharu as the original reporter. Red Hat would like to thank Michael Armstrong for reporting this issue. Red Hat would like to thank the Xen project for reporting this issue. This issue was discovered by Murray McAllister of Red Hat Security Response Team. Red Hat would like to thank Emmanuel Bouillon (NCI Agency) for reporting this issue. Red Hat would like to thank Emmanuel Bouillon (NCI Agency) for reporting this issue. Red Hat would like to thank Edoardo Comar of IBM for reporting this issue. Red Hat would like to thank the Xen for reporting this issue. Red Hat would like to thank Andy Lutomirski for reporting this issue. This issue was discovered by Laszlo Ersek of Red Hat. This issue was found by Jason Wang of Red Hat. References: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05013.html Proposed upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05254.html Red Hat would like to thank Atzm WATANABE of Stratosphere Inc. for reporting this issue. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. This issue was discovered by Paolo Bonzini and Laszlo Ersek of Red Hat. This issue was discovered by Florian Weimer of Red Hat Product Security Team Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Puppet Labs for reporting this issue. Red Hat would like to thank Moshe Kaplan for reporting this issue. Red Hat would like to thank Moshe Kaplan for reporting this issue. This issue has been addressed in nfs-server packages as shipped in Red Hat Linux since version nfs-server-2.2beta37. Not vulnerable. This flaw is specific to statd on Solaris, IRIX, Unixware and AIX platforms. Not vulnerable. This flaw is specific to statd on Solaris platform. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG. The Linux kernel has implemented secure random number generated initial TCP sequences to prevent TCP hijacking attacks since 1996. Not vulnerable. This flaw is specific to automountd on Solaris platform. Not vulnerable. This flaw is specific to statd on Solaris platform. Red Hat Enterprise Linux by default does respond to ICMP echo requests, although it's likely that in a production environment those would be filtered by some firewall on entry to your network. However you can happily block ICMP ping responses using iptables if you so wish, but note that there is no known vulnerability in allowing them. For more details, please see: http://kbase.redhat.com/faq/FAQ_43_4304.shtm Red Hat Enterprise Linux is configured by default to respond to all ICMP requests. Users may configure the firewall to prevent a system from responding to certain ICMP requests. Red Hat does not consider CVE-1999-0997 to be a security vulnerability. The wu-ftpd process chroots itself into the target ftp directory and will only run external commands as the user logged into the ftp server. Because the process chroots itself, an attacker needs a valid login with write access to the ftp server, and even then they could only potentially execute commands as themselves. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue has been addressed in nfs-utils packages as shipped in Red Hat Linux 6.2 via https://rhn.redhat.com/errata/RHSA-2000-043.html. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 ships with wu-ftp version 2.6.2 which is not vulnerable to this issue. Not vulnerable. This issue did not affect the version of atmel-firmware as shipped with Red Hat Enterprise Linux 6 as it did not implement the SNMP protocol support. CVE-2001-0935 refers to vulnerabilities found when SUSE did a code audit of the wu-ftpd glob.c file in wu-ftpd 2.6.0. They shared these details with the wu-ftpd upstream authors who clarified that some of the issues did not apply, and all were addressed by the version of glob.c in upstream wu-ftpd 2.6.1. Therefore we believe that the issues labelled as CVE-2001-0935 do not affect wu-ftpd 2.6.1 or later versions and therefore do not affect Red Hat Enterprise Linux 2.1. This issue affects the version of the openssh as shipped with Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future openssh updates for Red Hat Enterprise Linux 4. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 5 and 6, since it is SSH-1 protocol specific and those versions did not enable SSH-1 protocol support in the default configuration. Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. This is not a security issue. The mod_usertrack cookies are not designed to be used for authentication. This is a duplicate CVE name and is a combination of CVE-2003-0020 and CVE-2003-0083. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. This flaw is specific to Apache HTTP server on Windows platforms. Red Hat does not intend to take any action on this issue. This is the expected behavior of Mailman and is not considered to be a security flaw by upstream. If Mailman upstream addresses this issue in a future update, we may revisit our decision. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat do not consider this to be a security issue and there are many ways that you can identify or fingerprint a Linux machine. Users that wish to block fingerprinting can use various techniques to disguise their operating system, for example see http://www.infosecwriters.com/text_resources/pdf/nmap.pdf Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 3 or later. This issue did not affect the OpenSSL packages as shipped with Red Hat Enterprise Linux 2.1 as they were not compiled with S/Key or BSD_AUTH support. The upstream patch for this issue and CVE-2002-0640 was included in an errata so that users recompiling OpenSSL with support for those authentication methods would also be protected: https://rhn.redhat.com/errata/RHSA-2002-131.html Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4. Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4. Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4. Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162899 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. We do not believe this is a security vulnerability. This is the documented and expected behaviour of rpm. Not vulnerable. This issue did not affect the RPM packages of OpenOffice as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue affected Red Hat Enterprise Linux 2.1 and an update was released to correct it: http://rhn.redhat.com/errata/RHSA-2003-244.html Red Hat Enterprise Linux 3 contained a backported patch to correct this issue since release. This issue does not affect the versions of Apache in Enterprise Linux 4 or later. This issue has been addressed in nfs-utils packages as shipped in Red Hat Enterprise Linux 2 via https://rhn.redhat.com/errata/RHSA-2003-207.html. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release. The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a). For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release. The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a). Not vulnerable. The OpenSSL packages in Red Hat Enterprise Linux 2.1 were not affected by this issue. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 contain a backported patch since their initial release (openssl), or were not affected by this issue (openssl096b). The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a). Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=114923 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 4. Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux. Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux. Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux. Not vulnerable. This issue did not affect the version of openssh as shipped with Red Hat Enterprise Linux 3 as it did not include the upstream PAM password authentication module reimplementation, introduced in OpenSSH 3.7. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6. Not affected. Red Hat did not ship iptables-devel or anything else that used these vulnerable functions with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 and 5 contained a backported patch to correct this issue. We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1. The PHP packages in Red Hat Enterprise Linux 3 contain a backported patch to address this issue since release. The issue was fixed upstream in PHP 4.3.3. The PHP packages in Red Hat Enterprise Linux 4 and 5 are based on fixed upstream versions. This issue did not affect the versions of Xscreensaver as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue. This is not a vulnerability. When PHP scripts are interpreted using the dynamically loaded mod_php DSO, the PHP interpreter executes with the privileges of the httpd child process. The PHP intepreter does not "sandbox" PHP scripts from the environment in which they run. On any modern Unix system a process can easily obtain access to all the parent file descriptors anyway, even if they have been closed. Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm. Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves. Red Hat does not consider this to be a security issue. The information returned poses no threat to the target machine running httpd. Not vulnerable. This issue did not affect the versions of SpamAssassin as shipped with Red Hat Enterprise Linux 3, 4, or 5. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which is in maintenance mode. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. This issue did not affect Linux. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The DHS advisory is a good source of background information about the issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also signficantly affected by having its connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack. The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: http://lwn.net/Articles/81560/ Red Hat does not have any plans for action regarding this issue. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 4, 5, or 6. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. cdrecord is not shipped setuid and does not need to be made setuid with Red Hat Enterprise Linux 2.1, 3, or 4 packages. Not Vulnerable. This issue only affected Apache 2.0.51, which was not shipped in any version of Red Hat Enterprise Linux. We do not class this as a security issue; this can only cause a denial of service for the attacker. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140074 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. cscope packages shipped with Red Hat Enterprise Linux 3, 4, and 5 contain a backported patch since their first release. This issue is only will only cause a denial of service on the connection the attacker is using. It therefore is not a security issue. Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. There are no known uses of this function which could allow a remote attacker to execute arbitrary code. We do not consider this to be a security issue: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1 We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of mailman shipped with Red Hat Enterprise Linux 2.1, 3, or 4. In addition, we believe this issue does not apply to the 2.0.x versions of mailman due to setting of STEALTH_MODE Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 Permitting TCP forwarding is the expected and known default configuration. If it is not desired, it can disabled using the AllowTcpForwarding option in the /etc/ssh/sshd_config configuration file. However, only disabling TCP forwarding does not improve security unless users are also denied shell access. For more information, see man sshd_config. This CVE is a duplicate (rediscovery) of CVE-2002-0838 The Red Hat Security Response Team rated this issue as having low security impact. This issue affected Red Hat Enterprise Linux 2.1 but due to the low severity will not be fixed. metamail was not shipped in Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. These issues did not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. We did not ship snmpd setuid root in Red Hat Enterprise Linux 2.1, 3, or 4. The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news Red Hat does not consider this to be a security issue. Not vulnerable. This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 3, or 4. Red Hat Enterprise Linux 2.1 shipped with a version of Samba prior to 3.0.6, but we verified by code audit that it is not affected by this issue. Not vulnerable. This issue only affected 2.5 STABLE4 and 2.5 STABLE5 versions of Squid and does not affect the versions of Squid distributed with Red Hat Enterprise Linux. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2004-2680 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. The Linux kernel as shipped with with Red Hat Enterprise Linux 2.1, 3, 4 and 5 did not include the Sbus PROM module and therefore are not affected by this issue. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Please see http://kbase.redhat.com/faq/docs/DOC-15379 Not vulnerable. These issues did not affect the versions of htdig as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144263 Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with wu-ftpd, however we were unable to reproduce this issue. Additionally, a code analysis showed that attempts to exploit this issue would be caught in the versions we shipped. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=149720 Not vulnerable. This issue did not affect the versions of Cyrus SASL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider this a security vulnerability; this is the expected behaviour. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider this a security issue, the bug can only manifest if the software is invoked on a sudoers file that is contained in a world writable directory. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This is defined and documented behaviour: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156313 Not vulnerable. Adobe told us this issue did not affect the Linux version of Adobe Reader. Red Hat does not consider this to be a vulnerability. htdigest is not supplied setuid or setgid and should not be run from a CGI program. Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Based on our research we believe that the "OpenSSL ASN.1 brute forcer." is actually exploiting flaws CVE-2003-0543, CVE-2003-0544, CVE-2003-0545. Those issues are all addressed in Red Hat Enterprise Linux and therefore CVE-2005-1730 is a duplicate assignment. We do not believe this is a security issue; this is a deliberate circumvention of the Javamail API. The Javamail API provides a comprehensive and secure method to retrieve mail. In this example, the author retreives the message directly from the mail directory on the filesystem. Even if the user insists on using this incorrect way of accessing mail, then the permissions set by the dovecot and tomcat packages are enough to protect against direct access to most of the files listed in the bug report. The OpenSSL Team do not consider this issue to be a practical threat. Conducting an attack such as this has shown to be impractical outside of a controlled lab environment. If the OpenSSL Team decide to produce an update to correct this issue, we will consider including it in a future security update. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This is the documented and expected behaviour of tar. Not vulnerable. These issues did not affect the version of BlueZ as shipped with Red Hat Enterprise Linux 4. Not vulnerable. This issue did not affect the Linux versions of Mutt. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162681 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3 or 4. This issue does not affect Red Hat Enterprise Linux 2.1 and 3. This flaw was fixed in Red Hat Enterprise Linux 4 via errata RHSA-2005:527: http://rhn.redhat.com/errata/RHSA-2005-527.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169803 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ We do not consider this to be a security issue: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1 Not vulnerable. These issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. This issue did not affect the ncompress packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Updated packages to correct this issue are available along with our advisory: http://rhn.redhat.com/errata/CVE-2005-3011.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170518 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. These issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. We do not class this as a security issue as it only allows local users who have the privileges to create .htaccess files the ability to cause a denial of service. Untrusted users should never be given the ability to create .htaccess files. We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 Not vulnerable. This issue is caused by the way ImageMagick was packaged by Gentoo and does not affect Red Hat Enterprise Linux packages. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider this to be a security issue. https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1 This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2007-0245.html and in Red Hat Enterprise Linux 3 via https://rhn.redhat.com/errata/RHSA-2010-0145.html. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The Red Hat Security Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0018.html This issue did not affect Red Hat Enterprise Linux 2.1 and 3. This issue did not affect the versions of OpenLDAP as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. This issue did not affect the versions of OpenOffice.org as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. This issue did not affect the Linux glibc. gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs. gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs. Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2005-4881 This issue has been rated as having moderate security impact. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, and Red Hat Enterprise MRG. It affects Red Hat Enterprise Linux 3, and 4. It was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2009-1522.html This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ This issue affects the version of coreutils package, as shipped with Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 is however in the Extended Life Cycle Support (ELS) phase. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. We do not consider this to be a security issue. https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1 Not vulnerable. We verified that this issue does not affect Linux versions of Thunderbird. This issue did not affect the versions of Fetchmail as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. This issue did not affect the versions of libtiff as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This vulnerability was introduced into the Linux kernel in version 2.6.12 and therefore does not affect users of Red Hat Enterprise Linux 2.1, 3, or 4. This issue only affects parsers which are generated by grammars which either use REJECT or rules with a variable trailing context (in these rules the parser has to keep all backtracking paths). The Red Hat Security Response Team analysed all packages that include flex generated parsers in Red Hat Enterprise Linux (2.1, 3, and 4) and found none were vulnerable. This issue did not affect the versions of PostgreSQL as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 3 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207347 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue was fixed for Red Hat Enterprise Linux 4 in the following errata: http://rhn.redhat.com/errata/RHEA-2006-0355.html This issue does not affect Red Hat Enterprise Linux 2 Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187945 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3. This issue only affected Dovecot versions 1.0beta1 and 1.0beta2. Red Hat Enterprise Linux 4 shipped with an earlier version of Dovecot and is therefore not vulnerable to this issue. Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include log4net. This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1 and 3: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194613 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue has been fixed for Red Hat Enterprise Linux 4 in RHSA-2006:0544. Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 5 and 6 and version of bind97 as shipped with Red Hat Enterprise Linux 5 as in the default configuration the named service accept DNS queries only from localhost. We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 and 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187385 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3. This issue did not affect the versions of mod_python as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bugs: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193053 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229194 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Not vulnerable. greylistclean.cron is not supplied in the exim packages as distributed with Red Hat Enterprise Linux. This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187900 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 Red Hat does not consider this to be a security issue. Enabling the -r option is not suggested without the -x option which is clearly documented in the /etc/sysconfig/syslog configuration file. Red Hat does not consider this to be a security issue. The FastCGI server is local trusted code and not under the control of an attacker, no trust boundary is crossed. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050 This issue did not affect the version of bind as shipped with Red Hat Enterprise Linux 5. We do not believe this issue has a security consequence for earlier versions of Red Hat Enterprise Linux. For details please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192192 Not vulnerable. This issue does not affect the versions of rsync distributed with Red Hat Enterprise Linux 2.1, 3, or 4. This issue does not affect Red Hat Enterprise Linux 2.1 and 3 This issue was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2008-0848.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. The winbind plugin is not shipped with Red Hat Enterprise Linux 2.1, 3, or 4. This issue only affected version 4.1.1 and not the versions distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192278 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3. Not vulnerable. This issue does not affect the versions of LibVNCServer as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue does not affect the versions of cyrus-imapd distributed with Red Hat Enterprise Linux. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue was addressed in libtiff packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 via: https://rhn.redhat.com/errata/RHSA-2006-0603.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This is not an issue that affects users of Red Hat Enterprise Linux. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196255 This issue is not exploitable as the status file is only written to and read by the slurpd process. Therefore this is not a vulnerability that affects Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue does not affect the versions of Evolution as distributed with Red Hat Enterprise Linux. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. We do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat does not consider this a security issue. It is expected behavior that a large input file will cause the processing program to use a large amount of memory. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Unknown: CVE-2006-3018 has been assigned to an issue in PHP where the cause and fix are unknown, and the impact cannot be verified. The source of the CVE assignment was a single line statement in the PHP 5.1.3 release announcement, http://www.php.net/release_5_1_3.php, reading: "Fixed a heap corruption inside the session extension." Of the changes made to the session extension between releases 5.1.2 and 5.1.3, none would fix a bug matching this description by our analysis. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. Adobe told us that this issue does not affect the Linux versions of Adobe Acrobat Reader. This issue did not affect the versions of NetPBM distributed with Red Hat Enterprise Linux 2.1, 3, or 4. This issue has not been able to be reproduced by upstream or after a Red Hat code review. We therefore do not believe this is a security vulnerability. On Red Hat Enterprise Linux 2.1, 3, 4, and 5 this is a two-byte overflow into the middle of the stack and is not exploitable. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue affects the version of the passwd command from the shadow-utils package. Red Hat Enterprise Linux 2.1, 3, and 4 are not vulnerable to this issue. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider this issue to have security implications, and therefore have no plans to issue MySQL updates for Red Hat Enterprise Linux 2.1, 3, or 4 to correct this issue. Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player. Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198912 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This vulnerability does not affect Red Hat Enterprise Linux 2.1 or 3 as they are based on 2.4 kernels. The exploit relies on the kernel supporting the a.out binary format. Red Hat Enterprise Linux 4, Fedora Core 4, and Fedora Core 5 do not support the a.out binary format, causing the exploit to fail. We are not currently aware of any way to exploit this vulnerability if a.out binary format is not enabled. In addition, a default installation of these OS enables SELinux in enforcing mode. SELinux also completely blocks attempts to exploit this issue. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973#c10 We do not consider a crash of a client application such as Konqueror to be a security issue. We do not consider a user-assisted crash of a client application such as Firefox to be a security issue. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1 This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled. Details on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing This issue does not affect versions of Mikmod 3.2.0-beta2 or prior. Versions of Mikmod distributed with Red Hat Enterprise Linux 2.1, 3, and 4 are based on version 3.1.11 and are therefore not vulnerable to this issue. Vulnerable. This issue affects the versions of php as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of php53 as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update might address this flaw. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not Vulnerable. The version of BIND that ships with Red Hat Enterprise Linux is not vulnerable to this issue as it does not handle signed RR records. Not Vulnerable. This issue was found and fixed as part of Red Hat Enterprise Linux 4 update 4: http://rhn.redhat.com/errata/RHBA-2006-0288.html and Red Hat Enterprise Linux 3 update 8: http://rhn.redhat.com/errata/RHBA-2006-0287.html This issue does not affect Red Hat Enterprise Linux 2.1 LessTif is shipped with Red Hat Enterprise Linux 2.1 but not 3 or 4. On Enterprise Linux 2.1 we build LessTif with debugging disabled, so the DEBUG_FILE environment variable is ignored and this issue cannot be exploited. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Updates to address this issue are available for Red Hat Enterprise Linux 3 and 4: https://rhn.redhat.com/cve/CVE-2006-4146.html Red Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch. Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203426 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3 This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch since its first release. In Red Hat Enterprise Linux 3 and 4, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2009-1101.html Red Hat does not consider this flaw a security issue. This flaw is the result of a NULL pointer dereference, which is not exploitable and can only cause a client crash. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat no longer plans to fix this issue in lha for Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory are available at the URL below. http://rhn.redhat.com/errata/RHSA-2006-0661.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider this to be a PHP flaw. The problem is caused by the insufficient input validation performed by Zend platform. This flaw causes a crash but does not result in a denial of service against Sendmail and is therefore not a security issue. Not Vulnerable. This issue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195555 We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. This issue did not affect versions of wvWare library included in koffice packages as shipped with Red Hat Enterprise Linux 2.1 Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204912 This issue does not affect Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205651 The Red Hat Security Response Team has rated this issue as having low security impact and expects to release a future update to address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode. This bug will be addressed in a future update of Red Hat Enterprise Linux 4. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2. Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2. Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2. Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, and 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue also affects other OS that use NSPR. However, Red Hat does not ship any application linked setuid or setgid against NSPR and therefore is not vulnerable to this issue. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat does not consider this flaw a security issue. This flaw can cause an OpenSSH client to crash when connecting to a malicious server, which does not result in a denial of service condition. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect Red Hat Enterprise Linux 2.1 and 3. This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2007-0703.html and https://rhn.redhat.com/errata/RHSA-2007-0540.html respectively. Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210128 This issue does not affect Red Hat Enterprise Linux 2.1 or 3. Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future. Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future. Not Vulnerable. This flaw only affects kernel versions 2.6.14 to 2.6.18. Red Hat Enterprise Linux 2.1, 3, and 4 does not ship with a vulnerable kernel version. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat has been unable to reproduce this flaw and believes that the reporter was experiencing behavior specific to his environment. We will not be releasing update to address this issue. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Not vulnerable. These issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213515 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and are tracking it via bug 213214 for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213214 This issue does not affect Red Hat Enterprise Linux 2.1 or 3 Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat Enterprise Linux 2.1 did not ship for PowerPC architecture. Not Vulnerable. The squashfs module is not distributed as part of Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This flaw does not affect the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3. This flaw affects the Linux kernel shipped with Red Hat Enterprise Linux 4. We are tracking this flaw via bug 216452: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216452 Red Hat Enterprise Linux 2.1 is not vulnerable to this issue as it only affects x86_64 architectures. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch at release. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect Red Hat Enterprise Linux 2.1. This issue was addressed in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2006-0738.html . Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The CVE-2006-5823 is about a corrupted cramfs (MOKB-07-11-2006) that can cause a memory corruption and so crash the machine. For Red Hat Enterpise Linux 3 this issue is tracked via Bugzilla #216960 and for Red Hat Enterprise Linux 4 it is tracked via Bugzilla #216958. Red Hat Enterprise Linux 2.1 is not vulnerable to this issue. This issue has been rated as having low impact, because root privileges or physical access to the machine are needed to mount a corrupted filesystem and crash the machine. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1. This issue did not affect Red Hat Enterprise Linux 3 or 4. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215593 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. The vulnerable code is not used by any application likned with libsoup shipped with Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm. Not vulnerable. This issue does not affect the versions of fetchmail distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat does not consider unexploitable client application crashes to be security flaws. This bug causes a stack recursion crash which is not exploitable. Not vulnerable. This issue did not affect Linux versions of Adobe Reader. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not Vulnerable. The kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 do not contain gfs2 filesystem support. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat is aware of this issue and is tracking it for Red Hat Enterprise Linux 4 via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602 This issue does not affect the version of the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat does not consider this bug to be a security flaw. In order for this flaw to be exploited, a user would be required to enter shellcode into an interactive GnuPG session. Red Hat considers this to be an unlikely scenario. Red Hat Enterprise Linux 5 contains a backported patch to address this issue. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. This issue does not affect the Linux version of Adobe Reader. We do not consider a crash of a client application such as Konqueror or other KFile users to be a security issue. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. For other versions of Red Hat Enterprise Linux see http://rhn.redhat.com/cve/CVE-2006-6303.html This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem. This upstream commit was backported in Red Hat Enterprise Linux 5 via RHSA-2009:0225. It was later reported and addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html Not vulnerable. This issue does not affect the versions of net-smtp as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not Vulnerable. eEye Research advisory AD20061207 (Intel Network Adapter Driver Local Privilege Escalation) describes a flaw in the Linux Kernel drivers for the e100, e1000, and ixgb Intel network cards. The flaw affects the NDIS miniport drivers and its OID support. The Linux Kernel drivers do not support the NDIS API and the OID concept from Microsoft Windows. Not vulnerable. OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 does not support the LDAP_AUTH_KRBV41 authentication method. Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org and presents no possibility for arbitrary code execution. Not vulnerable. This issue did not affect the versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221459 We do not consider a crash of a client application such as wget to be a security issue. This flaw was fixed in wget shipped in Red Hat Enterprise Linux 5 before the initial release of the product. Version of wget shipped in Red Hat Enterprise Linux 3 and 4 are affected by this bug. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. We do not consider a crash of a client application such as KsIRC to be a security issue. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223072 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue can only be exploited if pending signals (ulimit -i) is set to "unlimited". In case of Red Hat Enterprise Linux version 2.1, 3 and 4 this is not the case and therefore they are not vulnerable to this issue. Not vulnerable. This issue was specific to a Debian patch to Apache HTTP Server. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This flaw has been rated as having a low severity by the Red Hat Security Response Team. More information about this rating can be found here: http://www.redhat.com/security/updates/classification/ This flaw is currently being tracked via the following bugs: https://bugzilla.redhat.com/show_bug.cgi?id=231449 https://bugzilla.redhat.com/show_bug.cgi?id=231448 The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode. Not vulnerable. Our testing found that this issue did not affect the versions of Kmail as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. ** DISPUTED ** Sendmail classes the CipherList directive as "for future release"; currently unsupported and undocumented. Therefore the lack of support for the CipherList directive in various Red Hat products is not a vulnerability. Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php The memory_limit configuration option is used to constrain the amount of memory which a script can consume during execution. If this setting is disabled (or set unreasonably high), it is expected behaviour that scripts will be able to consume large amounts of memory during script execution. The memory_limit setting is enabled by default in all versions of PHP distributed in Red Hat Enterprise Linux and Application Stack. Red Hat does not consider a user assisted client crash such as this to be a security flaw. This issue did not affect the MySQL packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 as they did not support INFORMATION_SCHEMA, introduced in MySQL version 5. Not vulnerable. This issue did not affect the versions of the xterm package, as shipped with Red Hat Enterprise Linux 3, 4, and 5, and the version of the XFree86 (providing xterm) and hanterm-xf packages, as shipped with Red Hat Enterprise Linux 2.1. This issue was addressed in Red Hat Enterprise Linux 5 via RHBA-2012:0319: https://rhn.redhat.com/errata/RHBA-2012-0319.html It did not affect versions of gnutls as shipped with Red Hat Enterprise Linux 4 and 6. This issue affects the version of php as shipped with Red Hat Enterprise Linux 6. This issue affects the version of php and php53 as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. These flaws do not affect any version of libpng shipped with Red Hat Enterprise Linux. This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2009:1335. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6. Not vulnerable. These issues did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1, 3, 4, or 5: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062 This issue is the same as CVE-2007-5365. The affected dhcp versions were fixed via: https://rhn.redhat.com/errata/RHSA-2007-0970.html Not vulnerable. The affected code is in an optional module that is not shipped in Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat does not consider this issue to be a security vulnerability. The pottential attacker has to send acknowledgement packets periodically to make server generate traffic. Exactly the same effect could be achieved by simply downloading the file. The statement that setting the TCP window size to arbitrarily high value would permit the attacker to disconnect and stop sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default. Some implementations of the PDF specification erroneously allow page tree objects that refer back to themselves. As a result, an infinite loop could be created. We believe this could only result in a denial of service against the application. We do not consider a user-assisted DoS of a client application to be a security issue. Not Vulnerable. This flaw is the result of an infinite recursion flaw in xpdf, which cannot result in arbitrary code execution. Not vulnerable. This issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. This issue also does not affect the older versions of neon included in the cadaver package. Not vulnerable. This issue did not affect the versions of slocate as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue did not affect the versions of libgtop as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This flaw affects Red Hat Enterprise Linux 4 and is being tracked via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249884 Not vulnerable. This issue did not affect Zope included within the conga package shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. These issues did not affect Linux versions of Samba. Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=234312 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of ISC BIND as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225414 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat does not consider this issue to be a security vulnerability. The user would have to voluntarily interact with the attack mechanism to exploit the flaw, and the result would be the ability to run code as themselves. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228013 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact. There are no longer plans to fix this flaw in Red Hat Enterprise Linux 4. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228013 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. Red Hat did not ship the incomplete patch for CVE-2006-5456 and is therefore not affected by this issue. Red Hat does not consider this issue to be a security vulnerability. On Red Hat Enterprise Linux processes that change their effective UID do not dump core by default when they receive a fatal signal. Therefore the NULL pointer dereference does not lead to an information leak. Red Hat does not consider this issue to be a security vulnerability. It is correct and expected behavior for xterm not to zero-fill its scrollback buffer upon reception of terminal clear excape sequence. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. This flaw is a regression of the fix for CVE-2007-0906 affecting PHP version 5.2.1 only which results in any use of str_replace() causing a crash regardless of user input. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. This issue was fixed in php package updates for Red Hat Enterprise Linux and Red Hat Application Stack: http://rhn.redhat.com/cve/CVE-2007-1001.html This issue did not affect the versions of gd as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect versions of libevent as shipped with Red Hat Enterprise Linux 5. The JBoss AS console manager should always be secured prior to deployment, as directed in the JBoss Application Server Guide and release notes. By default, the JBoss AS installer gives users the ability to password protect the console manager. If the user did not use the installer, the raw JBoss services will be in a completely unconfigured state and these steps should be performed manually: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-1199 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232347 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The phpinfo function should not be used in publically-accessible PHP scripts. Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5. We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed. This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1. These issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, Stronghold 4.0, or Red Hat Application Stack 2. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Our previous fixes for CVE-2007-0906 included a patch that also addressed the issue now given CVE name CVE-2007-1380. For a full list of versions that contained a fix for this issue please see: https://rhn.redhat.com/cve/CVE-2007-1380.html Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. Red Hat does not consider this to be a security vulnerability. Using import_request_variables() is generally a discouraged practice and it is improper use that can lead to security problems, not flaw of PHP itself. Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include Cracklib support. Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include mssql support. Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ClibPDF support. Not vulnerable. The php-snmp package as shipped with Red Hat Enterprise Linux 4 and 5 use net-snmp which is not vulnerable to this issue. This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4. Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ibase support. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233592 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ We do not consider a crash of a client application such as Konqueror to be a security issue. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0907. Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0910. Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack, and Stronghold 4.0 do not include PHPDoc support. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233581 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue has no security impact. Not vulnerable. This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intented to protect against privilege escalation in such a configuration These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intented to protect against privilege escalation in such a configuration These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intented to protect against privilege escalation in such a configuration Not vulnerable. The zip extension was not distributed with PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0906. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. Not vulnerable. This issue was specific to httpd version 2.2.4 and did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0906. We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=mopb#c37 Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. Not vulnerable. These issues did not affect the versions of file as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue affected Red Hat Enterprise Linux 4 and 5. Update packages were released to correct it via: http://rhn.redhat.com/errata/RHSA-2009-1471.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236585 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue is a flaw in the way Java and Quicktime interact. This issue did not affect Red Hat Enterprise Linux prior to version 5. An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0297.html Not vulnerable. These issues did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. OpenSSH supplied with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not contain S/KEY support. This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007: http://rhn.redhat.com/errata/RHSA-2007-0841.html)on (Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007) This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007: http://rhn.redhat.com/errata/RHSA-2007-0841.html)on (Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007) This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3. This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1278.html The Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Enterprise Linux 4 may address this flaw. Red Hat ship Axis in a number of products; however the installation path of Axis is fixed and deterministic, so this flaw does not disclose otherwise unknown information. We do not plan on issuing updates to fix this issue. Not vulnerable. This flaw is specific to Mac OS X and does not affect any version of Red Hat Enterprise Linux. Red Hat does not consider a user assisted client crash such as this to be a security flaw. Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2448 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. Red Hat did not ship GNU locate in Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue does not affect the mlocate or slocate packages that are supplied with Red Hat Enterprise Linux. This issue did not affect the versions of the the Linux kernel supplied with Red Hat Enterprise Linux 2.1, 3, or 4. For systems based on Red Hat Enterprise Linux 5, this is only an issue for systems without a real time clock, harddrive activity, or user input during boot time. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241718 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or Red Hat Application Stack v2. Updates to correct this issue for Red Hat Enterprise Linux 5, and Red Hat Application Stack v1 are available at http://rhn.redhat.com/cve/CVE-2007-2510.html The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. This bug described in CVE-2007-2511 can only be triggered by a script author since no trust boundary is crossed, this issue is not treated as security-sensitive. Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive. As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly. This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat does not consider this flaw to have security consequences. For more details please see the following: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240055 Updates for Red Hat Enterprise Linux are available from http://rhn.redhat.com/errata/RHSA-2007-0386.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2691 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3 and 4. Not vulnerable. These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect versions of ghostscript as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5 as they do not include a bundled JasPer library. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1, or 2, as the packages shipped are not compiled with the mcrypt extension affected by this issue. Not vulnerable. This issue did not affect the versions of lcms as shipped with Red Hat Enterprise Linux 5. We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed. This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1. These issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or Red Hat Application Stack 2. Red Hat does not consider this flaw to be a security vulnerability. We are not aware of any long running processes using libgd which could not recover from this condition. Not vulnerable. OPIE for PAM is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat does not consider a user-assisted crash of a user application such as Emacs to be a security issue. Not vulnerable. PHP is not built or supported in a multi-threaded environment in the packages distributed in Red Hat Enterprise Linux or Application Stack. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2872 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issu did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Updates are available for Red Hat Enterprise Linux 2.1, 3, 4, and 5 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0740.html Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat does not consider a user-assisted crash of a user application such as GIMP to be a security issue. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=252169 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. Mozilla is no longer shipped as part of any version of Red Hat Enterprise Linux. Mozilla was replaced by SeaMonkey in Red Hat Enterprise Linux by SeaMonkey which is not affected by this issue. Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication. This is not a security vulnerability: it is the expected behaviour of parse_str when used without a second parameter. Red Hat does not consider this do be a security issue. dblink is disabled in default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access. Fixes to correct this bug were included in PostgreSQL updates: https://rhn.redhat.com/cve/CVE-2007-3278.html Red Hat does not consider this do be a security issue. Creating functions is intended feature of the PL/pgSQL language and is definitely not a security problem. Weak passwords are generally more likely to be guessed with brute force attacks and choosing a strong password according to good practices is considered to be a sufficent protection against this kind of attack. Red Hat does not consider this do be a security issue. The ability of the superuser to execute code on behalf of the database server is an intended feature and imposes no security threat as the superuser account is restricted to the database administrator. Not vulnerable. PHP is not complied with the tidy library as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack v1 or v2. Not a vulnerability. In the security model used by Apache httpd, the less-privileged child processes (running as the "apache" user) completely handle the servicing of new connections. Any local user who is able to run arbitrary code in those children is therefore able to prevent new requests from being serviced, by design. Such users will also be able to "simulate" server load and force the parent to create children up to the configured limits, by design. Not vulnerable. This issue did not affect the versions of avahi as shipped with Red Hat Enterprise Linux 5. Not vulnerable, Red Hat do not ship the Lhaca file archiver. Note that an identical flaw was found affecting the lha file archiver in 2004, CVE-2004-0234. This issue was corrected by security update RHSA-2004:178 for Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 4 was not vulnerable as it contained a backported patch to correct this issue from release. http://rhn.redhat.com/errata/RHSA-2004-178.html We do not consider this to be security issues. For more details see: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3472 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3473 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of gd as shipped with Red Hat Enterprise Linux 2.1 or 3 as they did not offer GIF image support. We do not plan to backport a fix for this issue to the gd packages as shipped in Red Hat Enterprise Linux 4 and 5 due to the low likelihood of an application affected by this problem being exposed in a way that would allow a trust boundary to be crossed. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3475 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3476 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Due to the minimal impact of this flaw (temporary DoS by high CPU usage) and low likelihood of this problem being exposed in a way that would allow trust boundary crossing, we currently do not plan to backport a fix for this issue to the versions of gd as shipped in Red Hat Enterprise Linux 2.1, 3, 4 or 5. We currently do not plan to backport a fix for this issue to gd packages in current versions of Red Hat Enterprise Linux 2.1, 3, 4, and 5 due to the low likelihood of and application affected by this problem being exposed in a way that would allow trust boundary to be crossed. Not vulnerable. These issues did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. After careful analysis by Red Hat and several Glibc developers, it has been determined that this bug is not exploitable. For more information please see Red Hat Bugzilla bug #247208 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247208 This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. The curl packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are not linked against the gnutls library. Red Hat does not consider bugs which result in a user-assisted crash of end user application to be a security issue. Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux. Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux. Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux. Not vulnerable. These issues did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. The Red Hat Security Response Team has rated this issue as having moderate security impact. The risks associated with fixing this bug are greater than the moderate severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG. Not vulnerable. libsilc was not shipped with Enterprise Linux 2.1 or 3. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This flaw is specific to PHP on Windows. This issue does not affect the version of tcpdump shipped in Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250275 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3799 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue only affected PHP on Windows platforms. This issue did not affect Red Hat Enterprise Linux 2.1 or 3. For Red Hat Enterprise Linux 4 and 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248537 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250648 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux. This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251200 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3919 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0485.html Red Hat does not consider a user assisted client crash such as this to be a security flaw. Not vulnerable. fsplib is part of gftp in Red Hat Enterprise Linux 5, but this issue does not affect Linux. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1. Not vulnerable. Versions of PHP packages as shipped with current Red Hat products are not linked with t1lib. Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux. Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux. The CVE description for this bug is incorrect. The backported patch for CVE-2007-2447 missed the character c in the shell escaping whitelist of allowed characters, therefore not allowing commands with a c in them to be executed. This is therefore a regression bug and not a security vulnerability. The Red Hat Security Response Team has rated this issue as having low security impact. Updates to correct this are available: https://rhn.redhat.com/cve/CVE-2007-4045.html Not vulnerable. This is a rediscovery and therefore a duplicate of CVE-2000-1205 which was corrected in upstream Apache httpd 1.3.11. Not vulnerable. This flaw did not affect Red Hat Enterprise Linux 2.1, 3, or 4 due to the version of rsync. This flaw does exist in Red Hat Enterprise Linux 5, but due to the nature of the flaw it is not exploitable with any security consequence due to stack-protector. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. These issues did not affect the dovecot versions as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0297.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251708 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. Not vulnerable. These issues did not affect the versions of konqueror as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat does not consider a crash of a client application such as Konqueror to be a security flaw. Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org if a victim opens a malicious document. Not vulnerable. PHP packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4, and 5 are not compiled with msql library and are not vulnerable to this issue. Vulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5. This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Updates are available from https://rhn.redhat.com/cve/CVE-2007-4351.html This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the "AddDefaultCharset" directive and are using directory indexes. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4465 This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0141.html for tar. It did not affect the version of tar as shipped with Red Hat Enterprise Linux 3. This issue was also addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0144.html for cpio. It did not affect the version of cpio as shipped with Red Hat Enterprise Linux 3 and 4. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=263261 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit a11d206d that introduced the problem. This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314. It was reported and addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0019.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4568 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. This issue affected users who were running 64-bit versions of Red Hat Enterprise Linux 3, 4, or 5 on x86_64 architecture. It did not affect users of Red Hat Enterprise Linux 2.1. Updates are available for Red Hat Enterprise Linux 3, 4, and 5 to correct this issue. New kernel packages along with our advisory are available at the URL below as well as via the Red Hat Network. http://rhn.redhat.com/errata/CVE-2007-4573.html Not vulnerable. This issue did not affect the version of IrcII as shipped with Red Hat Enterprise Linux 2.1. IrcII was not shipped in Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary. Not vulnerable. This issue was specific to a patch from Debian project and did not affect versions of tcp_wrappers packages as shipped with Red Hat Enterprise Linux. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php The only effect of this bug is to cause the process to read from a random segment of memory, if a large "length" parameter is passed to the strspn/strcspn function, which is under the control of the script author. This bug has no security impact. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1. Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Application Stack v1. Not vulnerable. Red Hat did not include an incomplete fix for CVE-2007-2872 for PHP in Red Hat Enterprise Linux or Red Hat Application Stack. For more details, see: https://bugzilla.redhat.com/show_bug.cgi?id=278161#c5 Not vulnerable. Red Hat did not include an incomplete fix for CVE-2007-2872 for PHP in Red Hat Enterprise Linux or Red Hat Application Stack. This bug can only be triggered by supplying a non-default openssl.conf configuration file, which is entirely under the control of the script author or server administrator, and hence is not a security issue. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Duplicate of CVE-2007-6113. This flaw was fixed for Red Hat Enterprise Linux 4 in RHSA-2007-0898: https://rhn.redhat.com/errata/RHSA-2007-0898.html Red Hat Enterprise Linux 5 is not affected by this flaw. More information can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=285991 Red Hat Enterprise Linux 2.1 and 3 do not support the composite extension and are not vulnerable to this flaw. This issue did not affect the OpenSSH packages as distributed with Red Hat Enterprise Linux 2.1 or 3, as they do not support Trusted X11 forwarding. For Red Hat Enterprise Linux 4 and 5, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2008-0855.html We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=285691 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4829 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. This flaw does not affect the Linux version of Firefox. Not vulnerable. There is no support for jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 2.1 or 3. There is no ACL support for jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 4 or 5. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php The argument passed to the dl() function must always be under the control of the script author. We therefore do not consider this to be a security issue. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider a crash of a client application such as RealPlayer or Helix Player to be a security issue. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Note: As the address of the overwritten byte is not under attackers control, the worst impact his bug could have is an application crash. It can not be exploited to execute arbitrary code. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4990 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to correct this issue for Enterprise Linux 5 is available. http://rhn.redhat.com/cve/CVE-2007-4995.html Please note that the CVE description is incorrect, this issue did not affect upstream versions of OpenSSL prior to 0.9.8. Not vulnerable. These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue affects the busybox package in Red Hat Enterprise Linux 2.1, 3, 4, and 5, This issue affects the fileutils package in Red Hat Enterprise Linux 2.1. This issue affects the coreutils package in Red Hat Enterprise Linux 3. The coreutils package in Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue. Given this issue has minimal risk we do not intend to issues updates to correct this issue in affected versions of Red Hat Enterprise Linux. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=356471 Not vulnerable. This issue did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect version of balsa as shipped with Red Hat Enterprise Linux 2.1. According to Abobe this issue affects only the Windows platform and therefore does not affect Adobe Acrobat Reader as distributed with Red Hat Enterprise Linux Extras. http://www.adobe.com/support/security/advisories/apsa07-04.html Not vulnerable. These issues did not affect the versions of Firefox as shipped with Red Hat Enterprise Linux. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181302 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary. This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007: http://rhn.redhat.com/errata/RHSA-2007-0841.html)on (Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007) Not vulnerable. These issues did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5137 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Updates are available to address this issue: https://rhn.redhat.com/errata/RHSA-2007-0969.html Not vulnerable. These issues do not affect Linux versions of Sun JDK or JRE. Not vulnerable. These issues did not affect the versions of Sun JDK as shipped with Red Hat Enterprise Linux Extras 4 or 5. Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect versions of tog-pegasus as shipped with Red Hat Enterprise Linux 4, or 5. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360 Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 did not include the Tramp extension with Emacs. The version of Tramp included with Emacs in Red Hat Enterprise Linux 5 was not vulnerable to this issue. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5378 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat does not consider this to be a security issue. The function behaves as documented. Furthermore, the function shouldnt be considered a security feature, for reasons described at https://bugzilla.redhat.com/show_bug.cgi?id=332451#c3 and http://www.php.net/security-note.php Not vulnerable. The versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not support GSS-TSIG and are not linked with libgssapi library. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This vulnerability only affected the OpenSSL FIPS Object Module which is not enabled or used by OpenSSL in Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 and 4 Extras or with Red Hat Enterprise Linux 5 Supplementary. Not vulnerable. These issues did not affect PHP on Linux. Not vulnerable. This issue did not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5729 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect versions of plone included in conga/luci packages as shipped with Red Hat Enterprise Linux 5 or Red Hat Cluster Suite for Red Hat Enterprise Linux 4. Red Hat does not consider a user assisted client crash such as this to be a security flaw. Not vulnerable. This issue did not affect versions of Emacs as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect versions of geronimo-specs packages as shipped Red Hat Enterprise Linux 5, Red Hat Application Stack, Red Hat Application Server, Red Hat Directory Server and Red Hat Certificate System, as the geronimo-specs package only contains the specification of the Apache Geronimo Servers services and interfaces and not the vulnerable J2EE server classes. Not vulnerable. After a detailed analysis of this flaw, it has been determined that it is not exploitable on Red Hat Enterprise Linux 3, 4, or 5. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=415141 Not vulnerable. This flaw does not affect the version of CUPS shipped in Red Hat Enterprise Linux 3 or 4. After a detailed analysis of this flaw, it has been determined it does not pose a security threat on Red Hat Enterprise Linux 5. For more details regarding this analysis, please see: https://bugzilla.redhat.com/show_bug.cgi?id=415131 This issue is not a vulnerability, for more information see http://marc.info/?m=119743235325151 Red Hat does not consider this flaw a security issue. This flaw is not exploitable and can only cause a client to stop responding or crash. This issue was fixed in all affected PHP versions shipped in Red Hat products. For list of security advisories, visit: https://rhn.redhat.com/errata/CVE-2007-5898.html The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5901 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue is not a practical vulnerability, for more information see http://marc.info/?m=119743235325151 Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5935 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide the dviljk binary. Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide dviljk binary. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5963 The Red Hat Security Response Team has rated this issue as having low security impact, at this time Red Hat does not intend to address this flaw in a future update. Not vulnerable. This issue did not affect versions of qt or qt4 packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. It was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1193.html, and https://rhn.redhat.com/errata/RHSA-2008-0585.html respectively. Not vulnerable. This issue did not affect the mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as the versions shipped do not support table partitioning. The partitioning feature was introduced in development MySQL version 5.1. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5971 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. See http://marc.info/?m=119743235325151 This issue is not a vulnerability, for more information see http://marc.info/?m=119743235325151 Not vulnerable. This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 4 and 5. Red Hat doesnt consider this a security issue. The arguments to the functions in question should always be under the control of the script author, rather than untrusted script input, so these issues would not be treated as security-sensitive. Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6113 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented. The Red Hat Security Response Team has rated this issue as having moderate security impact. This flaw has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:0999 advisory. This flaw did not affect the version of rsync as shipped with Red Hat Enterprise Linux 6. Red Hat does not intend to fix this flaw in Red Hat Enterprise Linux 4. Red Hat does not consider this issue to be a vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site. However, this has been fixed in Red Hat Enterprise Linux 5 via RHBA-2009:0185 as a bug fix. Not vulnerable. These issues did not affect the versions of the zsh package as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Xen and KVM, as shipped with Red Hat Enterprise Linux 5 by default use only peripheral device emulation of QEMU and are therefore not vulnerable to this issue. Red Hat does not consider this a security issue. The downloading of arbitrary files will be harmless unless there is a vulnerability in the application handling these other filetypes. This flaw is not exploitable to run arbitrary code and can only cause an application crash. Red Hat does not consider a crash of the flac application or applications that use flac libraries such as media players to be a security issue. An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0300.html Not Vulnerable. Red Hat does not ship a version of Apache Tomcat that enables the native APR connector. This issue did not affect the mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue affected the mysql packages as shipped in Red Hat Application Stack v1 and v2 and was addressed by RHSA-2007:1157: http://rhn.redhat.com/errata/RHSA-2007-1157.html Not vulnerable. The MySQL versions as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 do not support federated storage engine. The MySQL package as shipped in Red Hat Enterprise Linux 5, Red Hat Application Stack v1, and Red Hat Application Stack v2 are not compiled with support for federated storage engine. Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat does not consider this flaw to be a security issue. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=426437 The versions of SquirrelMail packages shipped in Red Hat Enterprise Linux 3, 4, and 5 were not affected by this issue. In addition, the Red Hat Security Response Team have verified that the malicious code is not part of released Red Hat Enterprise Linux squirrelmail packages. Not vulnerable. Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 do not ship with the alternate pdftops.pl CUPS printing filter that is affected by this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0885.html mod_proxy_balancer is shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack v2. We do not plan on correcting this issue as it poses a very low security risk: The balancer manager is not enabled by default, the user targeted by the CSRF would need to be authenticated, and the consequences of an exploit would be limited to a web server denial of service. mod_proxy_balancer is included in the version of Apache HTTP Server as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack v2. Red Hat was unable to reproduce this issue. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Old versions of the Linux 2.4 kernel allowed the lookup of names containing backslashes over smbfs -- so there were multiple names which would reference any particular file, allowing the bypass of Apache controls such as AddType. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue was corrected with a backported patch for Red Hat Enterprise Linux 2.1 by RHSA-2007:0672. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6514 Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6591 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/#low This issue did not affect versions of Dovecot as shipped with Red Hat Enterprise Linux before version 5. An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0297.html Red Hat does not consider this flaw a security issue. This flaw is not exploitable beyond causing the web browser to crash. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6720 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue affects the version of httpd package as shipped with Red Hat Enterprise Linux 4. This issue is mitigated by the use of mod_reqtimeout module shipped with the httpd package in Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue did not affect the versions of GNU libc as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue affects the versions of libbind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5, however the vulnerable function is not used by any shipped applications. The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0122 Red Hat does not consider this to be a security issue. Regression introduced break glob() functionality, but does not bypass security restrictions. Furthermore, "open_basedir" bypass issues are not treated as security sensitive as described at https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This flaw was caused by a third-party vendor patch to the OpenSSL library. This patch has never been used by Red Hat, and this issue therefore does not affect any Fedora, Red Hat, or upstream supplied OpenSSL packages. This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4. For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0171 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4. For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0172 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support. Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support. Not vulnerable. These issues did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0414 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future updates will address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. We believe this issue is a duplicate of CVE-2007-5360. Not vulnerable. This issue did not affect versions of tog-pegasus as shipped with Red Hat Enterprise Linux 4, or 5. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360 Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=431526 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This does not affect the versions of Firefox or SeaMonkey shipped in Red Hat Enterprise Linux. Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, and Red Hat Application Stack v1. For Red Hat Application Stack v2, issue was addressed via: https://rhn.redhat.com/errata/RHSA-2008-0505.html This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4. Updated kernel packages are available to correct this issue for Red Hat Enterprise Linux 5: https://rhn.redhat.com/errata/RHSA-2008-0129.html Not vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0883 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect versions of pax as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect versions of pcre as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux 3, 4, or 5. The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html The risks associated with fixing this bug are greater than the low severity security risk.We therefore currently have no plans to fix this flaw in Red HatEnterprise Linux. For more information please see the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=435420 Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1142 This issue does not affect Red Hat Enterprise Linux 3, 4, or 5. The Red Hat Security Response Team has rated this issue as having low security impact. Due to the minimal security consequences of this issue, we do not intend to fix this in Red Hat Enterprise Linux 2.1. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue was addressed in affected versions of Ruby as shipped in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0897.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1198 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1199 This issue does not affect the default configuration of Dovecot as shipped in Red Hat Enterprise Linux. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0297.html Not vulnerable. This issue did not affect versions of Dovecot as shipped with Red Hat Enterprise Linux 4 or 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0612.html Not vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary. Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior: http://rhn.redhat.com/errata/RHSA-2008-0893.html This issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 3. Updates for affected versions of Red Hat Enterprise Linux can be found here: http://rhn.redhat.com/errata/RHSA-2009-0333.html Red Hat do not consider this to be a security vulnerability: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1384 Red Hat does not consider this to be a security issue. Properly written application should not use arbitrary untrusted data as part of the format string passed to functions as strfmon or printf family functions. http://rhn.redhat.com/errata/RHSA-2008-0533.html All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue. This issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2005-527.html Red Hat Enterprise Linux 3 is affected by this issue. The Red Hat Security Response Team has rated this issue as having low security impact. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1483 This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 5, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2008-0972.html Not vulnerable. This issue does not affect the versions of gnupg packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 or 5. Red Hat does not consider this issue to be a security flaw as SILC is not used in a vulnerable manner in Red Hat Enterprise Linux 4 and 5. More information can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=440049 The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html Red Hat does not consider this libTIFF bug to be a security issue. This issue did not affect the audit packages as shipped with Red Hat Enterprise Linux 4. Red Hat is not treating this issue as a security vulnerability for Red Hat Enterprise Linux 5 as no application used the affected interface, and the only result is a controlled application termination as the overflow is detected by the FORTIFY_SOURCE protection mechanism. We plan to address this as non-security bug fix in updated audit packages for Red Hat Enterprise Linux 5.2. For further details, please see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1628 Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This flaw does not affect teh version of wu-ftpd as shipped in Red Hat Enterprise Linux 2.1. Not vulnerable. This issue did not affect versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2, 3, 4, 5 or Red Hat Enterprise MRG. The but existed on Red Hat Enterprise Linux 3, 4, and 5. However, this is only a security issue if the SLOB or SLUB memory allocators were used (introduced in Linux kernel versions 2.6.16 and 2.6.22, respectively). All Red Hat Enterprise Linux and Red Hat Enterprise MRG kernels use the SLAB memory allocator, which in this case, cannot be exploited to allow arbitrary code execution. As a preventive measure, the underlying bug was addressed in Red Hat Enterprise Linux 3, 4, and 5, via the advisories RHSA-2008:0973, RHSA-2008:0508, and RHSA-2008:0519, respectively. Not vulnerable. This issue did not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of mod_ssl or httpd as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 prior to 5.3. In Red Hat Enterprise Linux 5.3, OpenSSL packages were rebased to upstream version 0.9.8e via RHBA-2009:0181 (https://rhn.redhat.com/errata/RHBA-2009-0181.html), introducing this problem in Red Hat Enterprise Linux 5. Updated httpd packages were released via: https://rhn.redhat.com/errata/RHSA-2009-1075.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1679 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The Red Hat Security Response Team is aware of this new gcc behavior and is currently working to determine what impact these changes will have on the source code processed by the compiler. These changes do not affect Red Hat Enterprise Linux 2, 3, 4, or 5. Red Hat does not consider this to be a security issue. After careful analysis of this issue the Red Hat Security Response Team has determined that this bug has no security impact outside of expected m4 behavior. Red Hat does not consider this to be a security issue. After careful analysis of this issue the Red Hat Security Response Team has determined that this bug has no security impact outside of expected m4 behavior. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1694 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=442005 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of rdesktop as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1891 The risks associated with fixing this flaw outweigh the benefits of the fix. Red Hat does not plan to fix this flaw in Red Hat Enterprise Linux. Red Hat is aware of this issue affecting Red Hat Enterprise Linux 5 and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1926 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue has been addressed in Red Hat Enterprise Linux 4 with the following update: https://rhn.redhat.com/errata/RHSA-2009-0981.html This is not a security flaw in Struts. Struts has never guaranteed to perform filtering of the untrusted user inputs used as html tag attributes names or values. If user inputs need to be used as part of the tag attributes, the JSP page needs to perform filtering explicitly. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2025 This issue does not affect the version of PHP shipped in Red Hat Enterprise Linux 2.1, 3, or 4. We do not consider this issue to be a security flaw for Red Hat Enterprise Linux 5 since no trust boundary is crossed. More information can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050 This issue did not affect MySQL as supplied with Red Hat Enterprise Linux 3. This issue was addressed for Red Hat Enterprise Linux 4, 5, and Red Hat Application Stack v1, v2: https://rhn.redhat.com/cve/CVE-2008-2079.html Not vulnerable. Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not ship for the SPARC architecture. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in emacs. This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the "AddDefaultCharset" directive. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2168 Not vulnerable. This issue does not affect the version of c++filt as shipped with binutils in Red Hat Enterprise Linux 3 or 4. Although this bug is present in the version of c++filt as shipped with binutils in Red Hat Enterprise Linux 5, the format string protection from FORTIFY_SOURCE makes this unexploitable. Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected module was only introduced upstream in python 2.5. This issue does not affect the versions of mtr as shipped with Red Hat Enterprise Linux 4 or 5. For Red Hat Enterprise Linux 2.1 and 3, this issue can only be exploited if an attacker can convince victim to use mtr to trace path to or via the IP, for which an attacker controls PTR DNS records. Additionally, the victim must run mtr in "split mode" by providing -p or --split command line options. The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0519.html Not vulnerable. This issue did not affect the versions of pan as shipped with Red Hat Enterprise Linux 2.1. No other versions of Red Hat Enterprise Linux have shipped Pan. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, or 5. Not vulnerable. This issue did not affect the version of the Xen package as shipped with Red Hat Enterprise Linux 5. Not vulnerable. OCSP protocol support was only implemented in upstream stunnel version 4.16. Therefore OCSP protocol is not available in the versions of stunnel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. These issues did not affect the versions of NASM as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, Red Hat Application Stack 1, or Solaris versions of Red Hat Directory Server 7.1 and 8, Certificate System 7.x. Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. For more details see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2829 Not vulnerable. This issue did not affect the versions of XChat as shipped with Red Hat Enterprise Linux. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0885.html Not vulnerable. This issue did not affect the versions of firefox as shipped with Red Hat Enterprise Linux 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=456347 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ These issue was addressed in all affected httpd versions as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0967.html This issue is tracked via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2939 The Red Hat Security Response Team has rated this issue as having low security impact, future updates may address this flaw in other affected products (such as Red Hat Application Stack). Not vulnerable. This issue did not affect the versions of poppler as shipped with Red Hat Enterprise Linux 5, or other PDF parsing applications derived from the xpdf code as shipped in Red Hat Enterprise Linux 2.1, 3, 4, or 5. According to RealNetworks this flaw does not affect the Linux version of RealPlayer. According to RealNetworks this issue does not affect the Linux version of RealPlayer. Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of the Vim packages, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. Note: This CVE is mentioned in the text of RHSA-2008:0580 (https://rhn.redhat.com/errata/RHSA-2008-0580.html), as it was originally used to track multiple issues. Issues that affected Vim packages in Red Hat Enterprise Linux 5 were later assigned separate CVE identifier - CVE-2008-6235. Neither of issues currently covered by CVE-2008-3076 (insufficient shell escaping in mz and mc commands) affected Vim packages shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. We do not consider a crash of a client application such as ImageMagick to be a security issue. The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5 The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-3196 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5. Upon investigating this issue, the Red Hat Security Response Team has determined that this is not a vulnerability. The ability to specify a desired role when connecting to OpenSSH is a feature of how OpenSSH interacts with SELinux. Users can only assign themselves SELinux roles which they have permission to access. They cannot assign themselves arbitrary roles. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue can only be exploited during the package build and it does not affect users of pre-built packages distributed with Red Hat Enterprise Linux. Therefore, we do not plan to backport a fix for this issue to already released version of Red Hat Enterprise Linux 2.1, 3, 4, and 5. Not vulnerable. This issue did not affect the versions of links as shipped with Red Hat Enterprise Linux 2.1, and versions of elinks as shipped with Red Hat Enterprise Linux 3, 4, or 5. Versions of links / elinks shipped do not support "only proxies" feature. Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of OpenOffice.org as shipped with Red Hat Enterprise Linux 3, 4, or 5. The updated Red Hat Enterprise Linux packages are not distributed via the openoffice.org update service, but rather via Red Hat Network, using the package manager capabilities to verify authenticity of updates. Not vulnerable. This issue did not affect the versions of Sun Java packages as shipped with Red Hat Enterprise Linux 4 Extras, or 5 Supplementary. The updated Red Hat Enterprise Linux packages are not distributed via the java.sun.com update service (which is only used for Windows version of Sun Java), but rather via Red Hat Network, using the package manager capabilities to verify authenticity of updates. Red Hat does not consider this flaw a security issue. This flaw is not exploitable beyond causing the web browser to crash. This flaw does not affect the Linux version of RealVNC as shipped in Red Hat Enterprise Linux. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. The uvcvideo driver was first added in kernel packages update RHSA-2009:0225 in Red Hat Enterprise Linux 5.3, and it already contained a fix for this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html This issue does not affect the versions of the yelp package, as shipped with Red Hat Enterprise Linux 3, 4 and 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html This issue has been addressed in the affected versions of PHP packages shipped in Red Hat Enterprise Linux via advisories listed on the following page: https://rhn.redhat.com/errata/CVE-2008-3658.html The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. This issue has been fixed in the affected Red Hat Enterprise Linux versions via: https://rhn.redhat.com/errata/RHSA-2009-0010.html Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the version of Xen hypervisor as shipped with Red Hat Enterprise Linux 5, as it does not support XSM. Not vulnerable. This issue did not affect the versions of neon as shipped with Red Hat Enterprise Linux 4, or 5. Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html This issue did not affect the version of pam_krb5 shipped in Red Hat Enterprise Linux 2.1, 3, or 4. Not vulnerable. This issue did not affect the version of utrace as shipped with the Red Hat Enterprise Linux 5 kernel. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html Not vulnerable. This issue did not affect the versions Postfix as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat does not consider this to be a security issue. Since these operations can only be executed by root, no trust boundary is crossed as a result of this behaviour. Red Hat does not consider this to be a security issue. Since these operations can only be executed by root, no trust boundary is crossed as a result of this behaviour. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html Not vulnerable. This issue did not affect the versions of the emacs package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue did not affect MySQL as supplied with Red Hat Enterprise Linux 3 or 4. This issue was addressed for Red Hat Enterprise Linux 5 and Red Hat Application Stack v2 https://rhn.redhat.com/cve/CVE-2008-3963.html Not vulnerable. These issues did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0110.html and in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1067.html . In Red Hat Enterprise Linux 5, issue CVE-2008-2079 was fixed without introducing CVE-2008-4098 in https://rhn.redhat.com/errata/RHSA-2009-1289.html . The risks associated with fixing this bug are greater than the security risk. We therefore currently have no plans to fix this flaw in Red HatEnterprise Linux 2.1, 3, 4, or 5. For more information please see our bug for this issue: https://bugzilla.redhat.com/show_bug.cgi?id=462772 Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. The patch used to fix CVE-2006-5051 in Red Hat Enterprise Linux 2.1, 3, 4, and 5 was complete and does not suffer from this problem. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html Not vulnerable. This flaw does not affect the version of BIND as shipped in Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue has been addressed via: https://rhn.redhat.com/errata/RHSA-2009-0402.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=460435 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of rsh-server packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. The glibcs ruserok function is used to check users authorization against rhosts files. That implementation of ruserok never opens /etc/hosts.equiv for superuser. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html Not vulnerable. This issue did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. We do not consider a crash of a client application such as Konqueror to be a security issue. Not vulnerable. ndiswrapper is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4456 This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1289.html and Red Hat Enterprise Linux 4 by https://rhn.redhat.com/errata/RHSA-2010-0110.html . The Red Hat Security Response Team has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3, and Red Hat Application Stack 2. Not vulnerable. This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not Vulnerable. Red Hat Enterprise MRG does not use Xerces-C++ in a manner that is vulnerable to this flaw. We do not consider a crash of a client application such as Konqueror to be a security issue. This issue affected Red Hat Enterprise Linux 5 and was addressed by https://rhn.redhat.com/errata/RHSA-2009-1321.html The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 5. Manual fencing agent is documented to only be provided for testing purposes and should not be used in production environments. Therefore, there is no plan to fix this flaw in Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and in Red Hat Enterprise Linux 5. The attacks reported by Outpost24 AB target the design limitations of the TCP protocol. Due to upstreams decision not to release updates, Red Hat do not plan to release updates to resolve these issues however, the effects of these attacks can be reduced via the mitigation methods as written in http://kbase.redhat.com/faq/docs/DOC-18730. The versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 were not affected by this issue. This issue only affected the version of Linux kernel as shipped with Red Hat Enterprise MRG and was addressed via: https://rhn.redhat.com/errata/RHSA-2009-0009.html Not vulnerable. This issue did not affect the versions of vim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html Red Hat does not consider this to be a security flaw. Firefox is handling the ftp:// URL as expected. This issue can only cause pamperspective to crash when used on specially crafted messages. We do not consider this to be a security issue. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-4865 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of the dovecot package, as shipped with Red Hat Enterprise Linux 4 or 5. Not vulnerable. This issue did not affect the versions of mgetty as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, as they include patch that resolves this issue. Not vulnerable. This issue did not affect the versions of OpenOffice.org as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of postfix as shipped with Red Hat Enterprise Linux 3, 4, or 5. Mentioned script is not part of the official postfix distribution and is not included in Red Hat Enterprise Linux postfix packages. The affected code is not used by any application shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5. The impact of this flaw is limited to a crash of the applications connecting to a misbehaving SMTP server. Due to those reasons, theres currently no plan to include the fix in the imap packages as shipped in Red Hat Enterprise Linux 2.1 and 3, and the libc-client packages as shipped in Red Hat Enterprise Linux 4 and 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. The issue was addressed in the Linux kernel packages as shipped with Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0053.html This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1287.html After reviewing the upstream fix for this issue, Red Hat does not intend to address this flaw in Red Hat Enterprise Linux 3 or 4 at this time. Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5. Versions shipped do not support RSS subscriptions. Not vulnerable. This issue does not affect the versions of imlib as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html Not vulnerable. This issue did not affect the versions of dovecot as shipped with Red Hat Enterprise Linux 4, or 5. Those packages do not include ManageSieve server. This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html. This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in Red Hat Enterprise Linux 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-5374 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5. Affected script is not part of the upstream CUPS distribution, but rather an addition used by Debian-based distributions (and possibly others). CUPS packages as shipped in Red Hat Enterprise Linux 5 also provide pstopdf filter. However, that filter is different from the one used in Debian-based distributions, and is unaffected by this flaw. Additionally, all filters used by CUPS on all versions of Red Hat Enterprise Linux are run under an unprivileged "lp" user, making the root privilege escalation mentioned in the published exploit impossible. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. It only affected the Ubuntu Privacy Remix (UPR) kernel. Not vulnerable. This issue did not affect the versions of the util-linux packages (providing /bin/login), as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the PA-RISC architecture. Not vulnerable. This issue did not affect the versions of imap as shipped with Red Hat Enterprise Linux 2.1 and 3, and the versions of libc-client as shipped with Red Hat Enterprise Linux 4 and 5. Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5. We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider this to be a security issue. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 5. Red Hat does not consider a crash of a client application such as Konqueror to be a security issue. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the MIPS architecture. Red Hat does not consider a crash of a client application such as Konqueror to be a security issue. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0264.html Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5. Red Hat does not consider a crash of a client application such as Firefox to be a security issue. Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5. Security update released to address CVE-2008-4405 - https://rhn.redhat.com/errata/RHSA-2009-0003.html - contained correct patch which did not introduce this problem and resolved the original issue. Red Hat does not consider a crash of a client application such as Firefox to be a security issue. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=479966 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of the php package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and with Red Hat Application Stack v1 and v2. Only PHP version 5.2.7 was affected by this flaw. Red Hat does not consider this bug to be a security issue. For a more detailed explanation, please see the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5907 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect the versions of the eog package, as shipped with Red Hat Enterprise Linux 3, 4, and 5. Not vulnerable. Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not ship for the SPARC architecture. Red Hat does not consider this bug a security flaw. For more details please see the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=468990 Red Hat does not consider this to be a security issue. The misbehaviour of CMAN is triggered by corrupted / specially crafted cluster.conf configuration file. Ability to edit this file is restricted to system administrator, therefore no privilege boundary is crossed. This is not a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-7002#c7 This is not a security issue. A user with read and write access to a file can reasonably be expected to manipulate the contents of the file, including truncating it. Instead of using dba_replace(), a user could simply fopen() the file in write mode, which provides the same end-result. Not vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4, or 5. Not vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4, or 5. Not vulnerable. This issue did not affect the versions of nasm as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 as they did not include nfs-export support for tmpfs. A future kernel update in Red Hat Enterprise MRG will address this issue. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue was addressed in Red Hat Enterprise Linux 5 and 6 by rebasing Firefox to 10.0.0 ESR. Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 and Red Hat Enterprise MRG. This flaw affects most 64-bit architectures, including IBM S/390 and 64-bit PowerPC, but it does not affect x86_64 or Intel Itanium. The risks associated with fixing this flaw are greater than the security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5. Red Hat Enterprise MRG is not affected as it is not supported on 64-bit architectures other than x86_64. Not vulnerable. Red Hat does not ship the vulnerable backend that causes this flaw. Red Hat does not consider a crash of a client application such as Firefox to be a security issue. Not vulnerable. This issue did not affect the versions of hplip as shipped with Red Hat Enterprise Linux 5. Red Hat does not consider this to be a security issue. M2Crypto provides python interfaces to multiple OpenSSL functions. Neither of those interfaces is further used by M2Crypto in an insecure way. Additionally, no application shipped in Red Hat Enterprise Linux is known to use affected interfaces provided by M2Crypto. Further details can be found in the following bug report: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127#c1 Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0164 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0179 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0241 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update of Red Hat HPC Solution may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat does not consider this to be a security issue. For more information, please see the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0242 This issue can only result in an OpenOffice.org crash, not allowing arbitrary code execution. Red Hat does not consider a crash of a client application such as OpenOffice.org to be a security issue. Not vulnerable. This issue did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and Red Hat Enterprise MRG. This issue does not affect gedit as shipped in Red Hat Enterprise Linux 3 and 4. It does affect gedit in Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect xchat for Red Hat Enterprise Linux 3. This issue does affect xchat for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect vim as shipped in Red Hat Enterprise Linux 3 and 4. This issue does affect vim in Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of the pam_krb5 package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of the pam_krb5 package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Only PAM versions 1.x were affected. This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1335.html This issue was fixed in openssl packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0163.html Not vulnerable. This issue affected OpenSSL CMS functionality which is not present in the openssl packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5. Red Hat does not consider this to be a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0601#c3 Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5, or Red Hat Enterprise MRG. Not vulnerable. This issue was addressed in upstream OpenSSL prior to 0.9.6 and therefore does not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Disputed: The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as the affected driver is not enabled in these kernels by default. The affected driver is enabled by default in Red Hat Enterprise Linux 2.1, 3, 5, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2009-0326.html and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-0360.html . As Red Hat Enterprise Linux 2.1 and 3 are now in Production 3 of their maintenance life-cycle, http://www.redhat.com/security/updates/errata, and this issue has been rated as having moderate impact, the fix for this issue is not currently planned to be included in the future updates. The upstream fix for this issue is not backwards compatible and introduces an ABI change not allowed in Red Hat Enterprise Linux. Therefore, there is no plan to address this problem directly in cyrus-sasl packages. All applications shipped in Red Hat Enterprise Linux and using affected sasl_encode64() function were investigated and patched if their use of the function could have security consequences. See following bug report for further details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0688#c20 This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1243.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1243.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1243.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1243.html Not vulnerable. This issue did not affect the versions of poppler, xpdf, gpdf and kdegraphics as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue is a duplicate of CVE-2009-0166, which was addressed in affected products via following updates: https://rhn.redhat.com/errata/CVE-2009-0166.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0326.html . Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0781 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0473.html . Not vulnerable. This issue only affects a small number of operating systems and does not affect the openssl packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0793 The Red Hat Security Response Team has rated this issue as having low security impact, a future lcms packages update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0796 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future mod_perl package update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0801 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Not vulnerable. This issue did not affect the versions of mysql packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0451.html . Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG. Red Hat does not consider this issue to be a security vulnerability. Affected function is only used to parse PAM configuration files and this bug can only be triggered by specific configuration created by the system administrator. This issue has been addressed in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-1484.html and in Red Hat Application Stack v2 via: https://rhn.redhat.com/errata/RHSA-2009-1067.html Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0451.html . This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG, via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1081.html . This issue is not planned to be fixed in Red Hat Enterprise Linux 2.1 and 3, due to these products being in Production 3 of their maintenance life-cycles, where only qualified security errata of important or critical impact are addressed. This issue has been fixed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2009-0427.html . udev packages as shipped in Red Hat Enterprise Linux 4 were not affected by this flaw, as they do not use netlink sockets for communication. udev is not shipped in Red Hat Enterprise Linux 2.1 and 3. Not vulnerable. This issue did not affect the versions of udev as shipped with Red Hat Enterprise Linux 4, or 5. Red Hat does not consider this to be a security issue. Affected file is supposed to be used to exchange information between local system users, therefore open permissions are intentional. Red Hat does not consider this to be a security issue. The checks implemented by screen to protect against race condition attacks on /tmp/screen-exchange file provide sufficient protection for this rarely-used buffer exchange feature. For more details, see https://bugzilla.redhat.com/show_bug.cgi?id=492104 https://bugzilla.mozilla.org/show_bug.cgi?id=485941 Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 4, 5, or Red Hat Enterprise MRG, as the affected driver is not enabled in these kernels. The affected driver is available in Red Hat Enterprise Linux 3, but only if the kernel-unsupported package is installed. This issue has been rated as having moderate security impact as it does not lead to a denial of service or privilege escalation. As Red Hat Enterprise Linux 3 is now in Production 3 of its maintenance life-cycle, http://www.redhat.com/security/updates/errata, and the affected driver can only be enabled when using the unsupported kernel-unsupported package, a fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html Not vulnerable. This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1 and v2. This problem was introduced in the fix for CVE-2008-5658. Patch for CVE-2008-5658 as used in Red Hat Application Stack v2 also includes the fix for this crash too. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1284 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of ecryptfs-utils as shipped with Red Hat Enterprise Linux 5. eCryptfs encrypted home directories are not set up during the system installation, so theres no possibility for leaking encryption passwords to the installation log file. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include upstream commit 7c73a6fa that introduced the problem. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1081.html . This flaw was caused by a C2Net specific patch added to Apache http_log.c in Stronghold 2.3. C2Net Stronghold 2.3 reached end of life for updates on October 31st 2000. http://www.awe.com/mark/history/stronghold.html Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG. This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl. This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl. This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl. Not vulnerable. This issue did not affect the versions of squirrelmail as shipped with Red Hat Enterprise Linux 3, 4, or 5. Updates for squirrelmail released via RHSA-2009:1066 (https://rhn.redhat.com/errata/RHSA-2009-1066.html) fixed original flaw CVE-2009-1579 without introducing CVE-2009-1381. This issue did not affect the versions of the pam_krb5 packages, as shipped with Red Hat Enterprise Linux 3 and 4. The issue was addressed in the pam_krb5 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0258.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise 5 via: https://rhn.redhat.com/errata/RHSA-2009-1193.html Not vulnerable. This issue did not affect the versions of mutt as shipped with Red Hat Enterprise Linux 3, 4, or 5. Only mutt version 1.5.19 was affected by this flaw. Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions. Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions. The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 4, or 5. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1417 The impact of this flaw is limited to application crash, not allowing code execution. Red Hat does not consider a user-assisted crash of a client application such as media players using GStreamer framework to be a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1438 Based on our analysis this issue does not have a security consequence and does not lead to a buffer overflow or denial of service. For more details of our technical evaluation see https://bugzilla.redhat.com/show_bug.cgi?id=499252#c18 Not vulnerable. This issue did not affect the versions of libmodplug embedded in gstreamer-plugins as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for the PAT file type. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG. This CVE entry is a duplicate of CVE-2009-0689 and has been rejected; please refer to that CVE entry for additional product fixes and information. Not vulnerable. This issue did not affect the versions of zebra as shipped with Red Hat Enterprise Linux 2.1, and the versions of quagga as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html . Red Hat does not consider this to be a security issue. By default, user home directories are created with mode 0700 permissions, which would not expose the ~/.evolution/ directory regardless of its own permissions. If a user intentionally relaxes permissions on their home directory, they should be auditing all files and directories in order to not expose unwanted files to other local users. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1211.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html . Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2009-1132.html and https://rhn.redhat.com/errata/RHSA-2009-1106.html . This issue did not affect kernel packages as shipped in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 1. It was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2009-1438.html . This issue has been rated as having moderate security impact. It is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1885 The Red Hat Security Response Team has rated this issue as having low security impact, a future xerces-c packages update in Red Hat Enterprise MRG 1.1 may address this flaw. Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect Red Hat Enterprise Linux 3. It was addressed in Red Hat Enterprise Linux 4 and 5 via RHSA-2009:1529: https://rhn.redhat.com/errata/RHSA-2009-1529.html Not vulnerable. Red Hat Enterprise Linux 3, 4, and 5 provide earlier versions of ISC DHCP which are not vulnerable to this issue. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1897 The flaw only affects the Red Hat Enterprise Linux 5.4 beta kernel, which includes a backport of the upstream bug fix introducing this flaw (git commit 33dccbb0). This issue did not affect the final released Red Hat Enterprise Linux 5.4 kernel. It is also possible to mitigate this flaw by ensuring that the permissions for /dev/net/tun is restricted to root only. This issue does not affect any other released kernel in any Red Hat product. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the SPARC64 architecture. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1157.html This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html. Not vulnerable. This issue did not affect the versions of openoffice.org and openoffice.org2 packages as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of stardict as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise MRG. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue. Red Hat Enterprise Linux 5 was vulnerable to this issue and was addressed via: https://rhn.redhat.com/errata/RHSA-2009-1193.html The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue. Red Hat Enterprise Linux 5 was vulnerable to this issue and was addressed via: https://rhn.redhat.com/errata/RHSA-2009-1193.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2446 This issue was addressed for Red hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1289.html and Red Hat Enterprise Linux 4 by https://rhn.redhat.com/errata/RHSA-2010-0110.html . The Red Hat Security Response Team has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3 and Red Hat Application Stack 2. Red Hat does not consider a user-assisted crash of a client application such as Konqueror to be a security issue. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html Vectors (1) Bluetooth L2CAP and (3) MIOP did not affect the versions of the Wireshark package, as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of gzip as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat does not consider this flaw to be a security issue. The bug can only be triggered by the PHP script author, which does not cross trust boundary. This issue was addressed in php packages shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2010-0040.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-2688 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The Red Hat Security Response Team has rated this issue as having moderate security impact. We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, and 5 as it is not possible to trigger the information leak if the suid_dumpable tunable is set to zero (which is the default). It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1540.html Red Hat is aware of this issue. Please see http://kbase.redhat.com/faq/docs/DOC-18065. Updates for Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2692.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2693 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue has been addressed in JBoss Enterprise Web Server 1.0.1: https://rhn.redhat.com/errata/RHSA-2010-0119.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG. Updates for Red Hat Enterprise Linux 3, 4 and 5 to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2698.html This flaw does not affect the version of APR shipped in Red Hat Enterprise Linux. This flaw affected JBoss Enterprise Web Server running on the Solaris platform. Updated httpd packages are available for download from Customer Support Portal. Not vulnerable. This issue did not affect the versions of qt and qt4 as shipped with Red Hat Enterprise Linux 3, 4, or 5. Affected code was introduced upstream in version 4.3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2702 This issue did not affect kdelibs packages as shipped in Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of ia32el as shipped with Red Hat Enterprise Linux 3, 4 or 5. Not vulnerable. This issue only affected kernels version 2.6.28-rc1 and later. Therefore this issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG.. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for flat binary support, and additionally this issue only affected kernels version 2.6.29-rc1 and later. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Please note this issue only affected Linux kernel versions after v2.6.30-rc1 and was fixed in v2.6.31-rc6. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the PA-RISC architecture. This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG: http://rhn.redhat.com/cve/CVE-2009-2847.html This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2849 The flaw was introduced in kernel version 2.6.17-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, and 4 are not affected by this issue. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1540.html A future kernel update for Red Hat Enterprise Linux 5 will address this flaw. This issue did not affect the versions of the squid packages, as shipped with Red Hat Enterprise Linux 3 and 4. The issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0221.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2901 This issue did not affect Tomcat versions running on Linux or Solaris systems. This issue is fixed in the tomcat5 and tomcat6 packages released with JBoss Enterprise Web Server 1.0.1 for Windows. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2902 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue has been addressed in JBoss Enterprise Web Server 1.0.1: https://rhn.redhat.com/errata/RHSA-2010-0119.html Red Hat is aware of this issue. Please see http://kbase.redhat.com/faq/docs/DOC-19077 This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5, as the affected driver is not enabled in these kernels. The affected driver is available in Red Hat Enterprise MRG. It is also available in Red Hat Enterprise Linux 3, but only if the kernel-unsupported package is installed. Future kernel updates in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG will address this issue. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG do not include support for eCryptfs, and therefore are not affected by this issue. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1548.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, or Red Hat Enterprise MRG, as the affected driver is not enabled in these kernels. The affected driver is available in Red Hat Enterprise Linux 3, but only if the kernel-unsupported package is installed. Future kernel update in Red Hat Enterprise Linux 3 may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-2910 It has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1671.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for PF_LLC sockets in the Linux kernels. CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols. The Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). It was addressed in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1550.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). It was addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3). The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). They were addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6). Not vulnerable. This issue did not affect the versions of pidgin as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat has released updates to correct this issue: https://rhn.redhat.com/errata/RHSA-2009-1453.html Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG, as they do not contain a backport of the tty ldisc rewrite (upstream commits 65b770468e98 and cbe9352fa08f). Not vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4, or 5. Not vulnerable. This issue did not affect the versions of Pidgin packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5. List of the errata fixing this flaw in affected products can be found at: https://www.redhat.com/security/data/cve/CVE-2009-3094.html List of the errata fixing this flaw in affected products can be found at: https://www.redhat.com/security/data/cve/CVE-2009-3095.html Not vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4, or 5. This issue was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1522.html , https://rhn.redhat.com/errata/RHSA-2009-1548 and https://rhn.redhat.com/errata/RHSA-2009-1540 respectively. It has been rated as having moderate security impact and is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5. In PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash. However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default. This issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html . Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not support LDAP authentication, which was introduced upstream in version 8.2. This issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html . Not vulnerable. This issue only affected kernels version v2.6.31-rc1 and later. Therefore this issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3245 This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0162.html This issue was fixed in openssl096b packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0173.html The Red Hat Security Response Team has rated this issue as having low security impact on openssl packages in Red Hat Enterprise Linux 3 and 4, a future update may address this flaw. Not vulnerable. This vulnerability was introduced into the Linux kernel in version 2.6.30-rc1 via upstream commit 2a519311, and therefore does not affect users of Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1548.html Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. This issue was introduced by upstream commit 10db10d1, and only affected kernels version 2.6.28-rc1 and later. Not vulnerable. This issue does not affect the versions of glib2 as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-3290 This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as KVM (Kernel-based Virtual Machine) is only supported in Red Hat Enterprise Linux 5. A future kernel update in Red Hat Enterprise Linux 5 will address this flaw. This problem is not a security flaw in the PHP versions 4.3.5 and later. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3293 PHP versions shipped in Red Hat Enterprise Linux 4 and 5 do not need this fix. We do not plan to address this flaw in Red Hat Enterprise Linux 3. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of libtheora as shipped with Red Hat Enterprise Linux 4, or 5. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491 This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem. This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314 update. Issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3564 The Red Hat Security Response Team has rated this issue as having low security impact, a future update for Red Hat Enterprise MRG may address this flaw. Not vulnerable. This issue did not affect the version of poppler as shipped with Red Hat Enterprise Linux 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-3612 This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. A future kernel update in Red Hat Enterprise Linux 4 will address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3621 This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1671.html , https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, or Red Hat Enterprise MRG. Those versions do not include the upstream patch that introduced this vulnerability. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, or Red Hat Enterprise MRG. Those versions do not include the upstream patch that introduced this vulnerability. Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue does not affect Red Hat Enterprise Linux 3, 4, or 5. This flaw can only lead to a denial of service if perl-HTML-Parser is used in conjunction with perl 5.10.1. If perl-HTML-Parser is used with earlier versions of perl, this flaw does not lead to a denial of service. Not vulnerable. This issue did not affect the versions of KVM as shipped with Red Hat Enterprise Linux 5. KVM is only supported on AMD64/x86_64 architecture on Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of KVM as shipped with Red Hat Enterprise Linux 5 as it does not contain the patch that introduced this vulnerability (upstream commit f0a3602c). Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3722 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update will address this flaw. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG, as they do not include the upstream change introducing this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3726. The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not have support for NFSv4, and therefore is not affected by this issue. It was addressed in Red Hat Enterprise Linux 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively. A future kernel update in Red Hat Enterprise Linux 4 will address this issue. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of mutt as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3766 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue was addressed in the openldap packages as shipped with Red Hat Enterprise Linux 5 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0198.html and https://rhn.redhat.com/errata/RHSA-2010-0543.html respectively. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future openldap update may address this flaw in Red Hat Enterprise Linux 3. The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html Not vulnerable. The Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not have MMU disabled, and therefore are not affected by this issue. This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as it does not implement the sysfs file system ("/sys/"), through which dbg_lvl file is exposed by the megaraid_sas driver. Issue was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0076.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively. Not vulnerable. This issue did not affect the versions of libexif as shipped with Red Hat Enterprise Linux 4, or 5. This issue affects the version of dovecot shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of dovecot shipped with Red Hat Enterprise Linux 4 and 6. Vulnerable. This issue affects gimp packages in Red Hat Enterprise Linux 4 and 5. This issue does not affect gimp package in Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of poppler as shipped with Red Hat Enterprise Linux 5. This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as it does not implement the sysfs file system ("/sys/"), through which poll_mode_io file is exposed by the megaraid_sas driver. Issue was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0076.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as KVM (Kernel-based Virtual Machine) is only supported in Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is not vulnerable to this issue because it does not include the change that introduced this buffer overflow vulnerability. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 5, and Red Hat Enterprise MRG did not include support for the HiSax ISDN driver for Colognechip HFC-S USB chip, and therefore were not affected by this issue. Issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0076.html We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise MRG as the affected driver is not enabled in this kernel. It was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0076.html and https://rhn.redhat.com/errata/RHSA-2010-0046.html respectively. Red Hat Enterprise Linux 3 is now in Production 3 of the maintenance life-cycle, http://www.redhat.com/security/updates/errata, and this issue is rated as having low impact, therefore the fix for this issue is not currently planned to be included in the future updates. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-4021 The Linux kernel packages as shipped with Red Hat Enterprise Linux 3 and 4 do not include support for FUSE, and therefore are not affected by this issue. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html A future kernel update for Red Hat Enterprise MRG will address this flaw. While this flaw exists in all 9.x versions, we do not plan to release bind updates for Red Hat Enterprise Linux 3 and 4 including this fix. The version of bind shipped in those products is 9.2.4, which has an older DNSSEC implementation, which is incompatible with currently used DNSSEC version and can not be used to secure communication with current public internet DNS servers. This flaw does not introduce additional risks to bind installations that are not using DNSSEC, as a successful attack requires bypass of other cache poisoning protections (such as random query source ports and transaction ids). This flaw only allows for the bypass of protection provided by DNSSEC. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commits d75636ef and d92684e6 that introduced the problem. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-4027. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they do not have support for the mac80211 framework. It did not affect the version of the Linux kernel as shipped with Red Hat Enterprise MRG as they do not include the upstream patch that introduced this vulnerability. A future update will address this flaw in Red Hat Enterprise Linux 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029 This issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html The Red Hat Security Response Team has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4. This issue is only security-relevant in PostgreSQL versions 8.4 and later as previous versions did not compare the connection host name with the certificate CommonName at all. Client certificate authentication was introduced in version 8.4. Red Hat Enterprise Linux 5 and earlier provided PostgreSQL versions 8.1.x and earlier, and are thus not affected by this issue. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as the affected code has been removed. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6 as it did not affect the Ruby 1.8 series. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Those versions do not include the upstream patch that introduced this vulnerability. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue does not affect users using coreutils binary RPMs, or rebuilding source RPMs. Therefore, we do not plan to release updates addressing this flaw on Red Hat Enterprise Linux 3, 4 and 5. For additional details, refer to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4135 This issue was addressed in Red Hat Enterprise Linux 3 via https://rhn.redhat.com/errata/RHSA-2010-0427.html This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0428.html This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0429.html and https://rhn.redhat.com/errata/RHSA-2010-0430.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-4138 The Linux kernel packages as shipped with Red Hat Enterprise Linux 3 and 4 have a different (and older) implementation of the driver for OHCI 1394 controllers, which is not affected by this issue. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html A future kernel update for Red Hat Enterprise MRG will address this flaw. Vulnerable. This issue has been addressed in Red Hat Network Satellite Server v 5.4.1 via RHSA-2011:0879 https://rhn.redhat.com/errata/RHSA-2011-0879.html. This issue is not planned to be fixed in Red Hat Network Satellite Server version 5.3.0. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit 233e70f4 that introduced the problem. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-4227 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-4228 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat considers this to be a duplicate of the CVE-2009-4033, rather than a separate issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=542926#c10 Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5. This security issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 3, 5 and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0146.html. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commits c6153b5b and 1080d709 that introduced the problem. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-4307 The Linux kernel packages as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG do not include support for EXT4, and therefore are not affected by this issue. A future kernel update for Red Hat Enterprise Linux 5 will address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-4308 The Linux kernel packages as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG do not include support for EXT4, and therefore are not affected by this issue. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0147.html. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit 59efec7b that introduced the problem. Not vulnerable. This issue did not affect the versions of acl as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat does not consider this to be a security flaw. For further details, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4418 Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5. The packages use OpenSSL and not yaSSL. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-4565 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of Thunderbird as shipped with Red Hat Enterprise Linux 4 and 5, and Seamonkey as shipped with Red Hat Enterprise Linux 3 and 4. Not vulnerable. This issue did not affect the versions of Firefox, Thunderbird, or Seamonkey as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of gnome-screensaver as shipped with Red Hat Enterprise Linux 5. Red Hat does not consider this bug to be a security issue. Properly written application should not use arbitrary untrusted data as part of the format string passed to functions as strfmon or printf family functions. Red Hat does not consider this bug to be a security issue. Properly written application should not use arbitrary untrusted data as part of the format string passed to functions as strfmon or printf family functions. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5. This issue was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0161.html. Not vulnerable. This issue did not affect the versions of pcsc-lite as shipped with Red Hat Enterprise Linux 5. This flaw did not affect libtiff as shipped in Red Hat Enterprise Linux 4 or 5. The OJPEG decoder is disabled in those distributions. Not vulnerable. This issue did not affect the versions of groff as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of groff as shipped with Red Hat Enterprise Linux 4, 5, or 6. The Red Hat Security Response Team has rated this issue as having low security impact because it can only be exploited during package compilation. We do not currently plan to fix this flaw. Not vulnerable. This issue did not affect the versions of groff as shipped with Red Hat Enterprise Linux 4, 5, or 6. The Red Hat Security Response Team has rated this issue as having low security impact because it can only be exploited during package compilation. We do not currently plan to fix this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0003. This issue has been rated as having moderate security impact. A future update in Red Hat Enterprise MRG may address this flaw. This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0146.html and https://rhn.redhat.com/errata/RHSA-2010-0147.html respectively. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not have support for network namespaces, and did not include upstream commit 483a47d2 that introduced the problem. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0007. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, as it did not include support for ebtables. This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0146.html and https://rhn.redhat.com/errata/RHSA-2010-0147.html respectively. A futur e update in Red Hat Enterprise MRG may address this flaw. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has already had the fix to this issue. This was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0146.html and https://rhn.redhat.com/errata/RHSA-2010-9419.html respectively. This issue does not affect the Apache HTTP Server versions 2 and greater. This flaw does not affect any supported versions of Red Hat Enterprise Linux. This flaw does affect Red Hat Network Proxy and Red Hat Network Satellite. While those products do not use this feature, we are tracking the issue with the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0010 The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to address this flaw on Red Hat Enterprise Linux 4 and 5. This issue does not affect Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of openoffice.org as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0205 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of the bind as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of bind package as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue was addressed for Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0115.html We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the MSN protocol support in the provided version of Pidgin (1.5.1) is out-dated and no longer supported by MSN servers. There are no plans to backport MSN protocol changes for that version of Pidgin. Not vulnerable. This issue did not affect the versions of MIT Kerberos 5 as shipped with Red Hat Enterprise Linux 3, 4 or 5. Those versions do not contain the vulnerable code that was introduced in krb5 1.7. Not vulnerable. This issue did not affect the versions of gnome-screensaver as shipped with Red Hat Enterprise Linux 5 or 6. The risks associated with fixing this bug are greater than the important severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 and 4. This issue was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0504.html and https://rhn.redhat.com/errata/RHSA-2010-0161.html. Not vulnerable. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include support for Devtmpfs, and therefore are not affected by this issue. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0307. This issue has been rated as having moderate security impact. This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0146.html. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0308 This issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0221.html The Red Hat Security Response Team has rated this issue as having low security impact, a future squid update may address this flaw in Red Hat Enterprise Linux 3 and 4. This issue did not affected Red Hat Enterprise Linux 3 and 4 due to the lack of localization in lppasswd as provided in those releases. The affected code is present in Red Hat Enterprise Linux 5, however lppasswd is not shipped setuid so is not vulnerable to this issue. If a user were to enable the setuid bit on lppasswd, the impact would only be a crash of lppasswd due to use of FORTIFY_SOURCE protections. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5. This issue was addressed in the php packages as shipped with Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2010-0919.html Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0410. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for kernel connectors. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for sys_move_pages. It was only introduced in kernel version 2.6.18 onwards. This issue was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0147.html and https://rhn.redhat.com/errata/RHSA-2010-0161.html. The Red Hat Security Response Team has rated this issue as having low security impact. For Red Hat Enterprise Linux 4 and 5, this issue was addressed via https://rhn.redhat.com/errata/RHSA-2010-0115.html We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the issue only causes Pidgin client to become unresponsive or crash. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0424 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html It did not affect the versions of the sudo package as shipped with Red Hat Enterprise Linux 3 and 4. This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html It did not affect the versions of the sudo packages as shipped with Red Hat Enterprise Linux 3 and 4. The CVE-2010-0430 issue was fixed in the kvm packages for Red Hat Enterprise Linux 5 via RHSA-2010:0271, and fixed in the rhev-hypervisor package via RHSA-2010:0476. This CVE was not disclosed at the time the errata were released; therefore, it was not mentioned in them. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0434 This issue was fixed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0168.html This issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2010-0175.html The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw on Red Hat Enterprise Linux 3. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0437. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for Optimistic Duplicate Address Detection (DAD) in IPv6. This was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-9419.html. A future update in Red Hat Enterprise MRG may address this flaw. Not vulnerable. This issue did not affect the versions of fetchmail as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0622. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for priority-inheriting futex. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw. Not vulnerable. This security issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not include the upstream change that introduced this flaw. Not vulnerable. This flaw does not affect MIT krb5 as provided in Red Hat Enterprise Linux 3, 4, and 5. Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Those versions are not compiled with the support for HTCP protocol. Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0727. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG, as it did not include support for the GFS and GFS2 file systems. For the GFS issue, it was addressed in Red Hat Enterprise Linux 3 in the gfs package, 4 in the GFS-kernel package, and 5 in the gfs-kmod package, via https://rhn.redhat.com/errata/RHSA-2010-9493.html, https://rhn.redhat.com/errata/RHSA-2010-9494.html, https://rhn.redhat.com/errata/RHSA-2010-0291.html respectively. For the GFS2 issue, it was addressed in Red Hat Enterprise Linux 5 in the kernel package via https://rhn.redhat.com/errata/RHSA-2010-0178.html. Not vulnerable. This issue did not affect the versions of the samba package, as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the version of the samba3x package, as shipped with Red Hat Enterprise Linux 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0729. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 5 or Red Hat Enterprise MRG, as they do not include the internal change introducing this flaw. A future update in Red Hat Enterprise Linux 4 may address this flaw. This issue was fixed by a patch to JBoss Operations Network 2.3.1, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=1983&product=em&version=2.3.1&downloadType=securityPatches Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not backport an out-of-tree drbd module (drbd8). Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-0789 This issue affects Red Hat Enterprise Linux 5 because it ships fusermount suid root, however the impact of this flaw is minimized due to the fact that only members in group fuse may use it the executable is owned root:fuse and mode 4750. Red Hat Enterprise Linux 3 and 4 do not provide the fuse package. Not vulnerable. This issues does not affect the versions of emacs or xemacs as shipped with Red Hat Enterprise Linux. The movemail utility in Red Hat Enterprise Linux does not have the setgid bit set, which is required for this flaw to be exploitable. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue was addressed in Samba packages in Red Hat Enterprise Linux 5. It did not affect Samba packages in Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. There is no plan to address this flaw in Red Hat Enterprise Linux 4. To prevent this issue, disable "wide links" or "unix extensions" in the Samba configuration file (/etc/samba/smb.conf) and restart smbd (service smb restart). Disabled "wide links" ensure that remote Samba clients will not have wide symbolic links (links pointing outside of the shared directory) resolved on the server side when processing requests from a client that does not support UNIX extensions. Disabled "unix extensions" prevents creation of wide links by malicious clients which support UNIX extensions. For further information, please view http://www.samba.org/samba/news/symlink_attack.html CVE-2010-0928 describes a fault-based attack on OpenSSL where an attacker has precise control over the target system environment in order to be able to introduce faults through power supply manipulation. The attack is not a viable threat to OpenSSL as used in Red Hat products. The Red Hat Security Response Team has rated this issue as having low security impact and we do not intend to issue updates to address it. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1083 This issue has been rated as having low security impact. A future update in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG may address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1084 This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise 3 and 4, as it did not use sysfs files. A future update in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1085 This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG as they did not include the affected function. A future update in Red Hat Enterprise Linux 4 and 5 may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1086 This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for ULE (Unidirectional Lightweight Encapsulation). We have included a fix for this issue in Red Hat Enterprise Linux 4 and 5 however the affected module is not build by default. This issue was addressed in Red Hat Enterprise MRG via http://rhn.redhat.com/errata/RHSA-2010-0631.html. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1087 This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include the upstream commit 150030b7 that had introduced the problem. A future update in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1088 This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as this issue only affects kernel version 2.6.18 and onwards. A future update in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-1104 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=577582 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. The Linux kernel as shipped with with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include support for reiserfs and therefore are not affected by this issue. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for POSIX opens on lookup. The risks associated with fixing this flaw are greater than the low severity security risk. We therefore have no plans to fix this flaw. The information leak can be avoided by adjusting the configuration to always specify a realm-name. The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-1160 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-1161 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 as they did not include upstream commit ab521dc0 that introduced the problem. This issue was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0631.html. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1173. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG may address this flaw. For more information, please see http://kbase.redhat.com/faq/docs/DOC-31052. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1187. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for Transparent Inter-Process Communication Protocol (TIPC). A future kernel update in Red Hat Enterprise Linux 5 may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1188 This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise MRG, as it was fixed since version v2.6.20-rc6. It was addressed in Red Hat Enterprise Linux 5 in the kernel package via https://rhn.redhat.com/errata/RHSA-2010-0178.html. A future update in Red Hat Enterprise Linux 3 and 4 may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect Red Hat Enterprise Linux 3, 4, or 5. It was addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2010-0863.html. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the GFS2 file system. A future kernel update in Red Hat Enterprise Linux 5 will address this issue. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG will address this issue. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for KGDB, a debugger for the Linux kernel. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the SPARC architecture. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. The Linux kernel as shipped with with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include upstream commit 28b83c51 (v2.6.32-rc1) that introduced the problem. Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products. Not vulnerable. These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the versions of the SpringSource Spring Framework, as shipped with JBoss Enterprise Application Platform v4.2.0, v4.3.0, or v.5.0.0. The Red Hat Security Response Team has rated this issue as having low security impact, a future pidgin package update may address this flaw in Red Hat Enterprise Linux 3, 4, and 5. Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. These issues did not affect the versions of samba as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for Btrfs, a new copy on write filesystem. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1641. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the GFS2 file system. A future kernel update in Red Hat Enterprise Linux 5 will address this issue. Red Hat does not consider this to be a security flaw. This issue can cause smbd per-connection child process crash, resulting in the termination of an attacker's connection. Availability of the smb service is not impacted. Vulnerable. This issue affects quagga packages in Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw for Red Hat Enterprise Linux 3 and 4 mysql packages. This issue was fixed in mysql packages shipped with Red Hat Enterprise Linux 5 via RHSA-2012:0127. The mysql packages in Red Hat Enterprise Linux 6 include this fix since the initial release of the product. These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, or 4. Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, as well as the versions of php53 as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata This issue has been addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0428.html This issue has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0429.html and https://rhn.redhat.com/errata/RHSA-2010-0430.html There is not plan to address this issue in the PostgreSQL packages as shipped with Red Hat Enterprise Linux 3. The Red Hat Security Response Team does not consider a user assisted denial of service (and potential crash) of end user application, such a Firefox, to be a security issue. The Red Hat Security Response Team has rated this issue as having low security impact. By default, /var/spool/mail/ is not provided with permissions to make an attack scenario possible, and there is no reason for permissions to be relaxed in such a way as to make it possible. We therefore have no plans to fix this flaw in Red Hat Enterprise Linux 4 or 5. The Red Hat Security Response Team has rated this issue as having low security impact. While support for the MBX mailbox format is compiled into Exim, it is not used by default. MBX mailboxes are only useful when used with UW-IMAP or the Pine mail client, neither of which are provided with Red Hat Enterprise Linux. If the MBX format is used, this issue can be worked around by specifying "use_fcntl_lock" rather than "use_mbx_lock". We therefore have no plans to fix this flaw in Red Hat Enterprise Linux 4 or 5. Not vulnerable. This issue did not affect the versions of myfaces as shipped with JBoss Enterprise Web Server. Not vulnerable. These issues did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the Ext4 filesystem. A future kernel update in Red Hat Enterprise Linux 5 will address this issue. Not vulnerable. These issues did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for Btrfs, a new copy on write filesystem. Not vulnerable. This issue does not affect the versions of Apache CXF shipped with any Red Hat products. This flaw affects applications using unencrypted client-side view states on Mojarra as shipped with JBoss Communications Platform 1.2.11 and 5.1.1, JBoss Enterprise Application Platform 4.2.0, 4.3.0 and 5.1.1, JBoss Enterprise BRMS Platform 5.1.0, JBoss Enterprise Portal Platform 4.3 and 5.1.1, JBoss Enterprise SOA Platform 4.2.0, 4.3.0 and 5.1.0, JBoss Enterprise Web Platform 5.1.1 and JBoss Web Framework Kit 1.1.0 and 1.2.0. Unencrypted client-side view states are fundamentally insecure and should not be used. Developers are advised to always enable encryption when creating JavaServer Faces (JSF) applications using client-side view state. When using the Mojarra implementation of JSF, this is achieved by adding the following snippet to the application's web.xml: <context-param> <param-name>javax.faces.STATE_SAVING_METHOD</param-name> <param-value>client</param-value> </context-param> <env-entry> <env-entry-name>ClientStateSavingPassword</env-entry-name> <env-entry-type>java.lang.String</env-entry-type> <env-entry-value>INSERT_YOUR_PASSWORD</env-entry-value> </env-entry> Not Vulnerable. This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue does not affect the version of php53 as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2. Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php The Red Hat Security Response Team does not consider a user assisted denial of service (and potential crash) of end user application, such a Firefox, to be a security issue. Not vulnerable. These issues did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php We do not consider this to be a security issue as it does not introduce any additional risk in using untrusted RPM .spec files. RPM .spec files can do a lot of things, regardless of how rpmbuild parses the syntax, because certain sections of the .spec file (%prep, %build, etc.) are treated as shell scripts. Because of the ability to easily include malicious commands anywhere, an untrusted .spec file should be carefully examined prior to building, the same as if you were to download and execute an untrusted shell script. Not vulnerable. RPM as provided with Red Hat Enterprise 3, 4, and 5 do not support POSIX capabilities. We do not consider RPM's lack of removing POSIX ACLs to be security sensitive. Users cannot use POSIX ACLs to elevate their privileges; therefore, there is no need to clear them upon package upgrade or removal. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the XFS filesystem. A future kernel update in Red Hat Enterprise Linux 5 will address this issue. Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact, future update may address this flaw for Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG: Red Hat Enterprise Linux 3 and 4 did not have the 'current_clocksource' file in /sys/; Red Hat Enterprise Linux 5 restricted 'current_clocksource' to only the root user; and Red Hat Enterprise MRG enabled CONFIG_GENERIC_TIME by default. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not have support for CIFS. Future updates in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG may address this flaw. This issue did not affect the version of lftp as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include support for renaming files to a server-suggested file name. The Red Hat Security Response Team has rated this issue as having low security impact due to the series of events required to successfully exploit it. A future update may address this flaw. This issue affects the versions of the perl-libwww-perl package, as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. This is not a vulnerability. Red Hat Enterprise Linux does not have /var/log/messages world-readable, nor is GDM run in debug mode; both are requirements for this to be considered a flaw. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 4. It was addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0811. Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue was fixed by the 5.0.2 release of the JBoss Enterprise SOA Platform, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions&version=5.0.2+GA The JBoss Enterprise SOA Platform 5.0.2 Release Notes are available from http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html This issue did not affect python-paste version as shipped with Red Hat Enterprise Linux 6, which included the fixed version since its initial release. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for the Neptune Ethernet driver. It did not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG, as they do not contain the upstream commit 0853ad66 that introduced this flaw. Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue. A future update in Red Hat Enterprise Linux 6 may address this flaw. This was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0723.html. These issues were fixed by the 5.0.2 release of the JBoss Enterprise SOA Platform, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions&version=5.0.2+GA The JBoss Enterprise SOA Platform 5.0.2 Release Notes are available from http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not backport the upstream commit ffcebb16 that introduced this vulnerability. Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for Network File System (NFS) version 4. Future updates in Red Hat Enterprise 4, 5, and Red Hat Enterprise MRG may address this flaw. The mipv6-daemon packages in Red Hat Enterprise Linux 6 are not vulnerable to this issue, as they contain a backported patch correcting this flaw. The mipv6-daemon packages in Red Hat Enterprise Linux 6 are not vulnerable to this issue, as they contain a backported patch correcting this flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as they did not include support for the upcall mechanism for the Common Internet File System (CIFS). This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0723.html. Not vulnerable. This issue did not affect the versions of pidgin as shipped with Red Hat Enterprise Linux 3, 4, or 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for Btrfs, a new copy on write filesystem. This issue does not affect the version of the java-1.6.0-openjdk package, as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in qt. Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the versions of evince as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of evince as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of evince as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of evince as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of KVM as shipped with Red Hat Enterprise Linux 5 as it does not contain the patch that introduced this vulnerability. This issue does not affect the version of the java-1.6.0-openjdk package, as shipped with Red Hat Enterprise Linux 5. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the GFS2 file system. A future kernel update in Red Hat Enterprise Linux 5 will address this issue. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for GPU DRM. Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 3, 4, or 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 5, as its impact is mitigated by standard glibc protection mechanisms to cause only application abort. Red Hat Security Response Team does not consider a user-assisted crash (abort) of a client application, such as OpenOffice.org Impress tool, to be a security issue. This issue is not planned to be fixed in Red Hat Enterprise Linux 5, as its impact is mitigated by standard glibc protection mechanisms to cause only application abort. Red Hat Security Response Team does not consider a user-assisted crash (abort) of a client application, such as OpenOffice.org Impress tool, to be a security issue. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5 as they did not include support for ECDH. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include upstream commit be84c7f6 (history repository) that introduced the problem. A future kernel update in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG will address this issue. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as they did not include support for the XFS file system. A future kernel update in Red Hat Enterprise Linux 5 will address this issue. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for the Journaled File System (JFS). This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata A future update in Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5 may address this flaw. Not vulnerable. This issue did not affect the versions of quagga package as shipped with Red Hat Enterprise Linux 3, 4, or 5, as these versions do not support 4 byte AS numbers (AS4 support) yet. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as it did not include support for the IrDA protocol. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not backport the upstream commit 3d23e349 that had introduced the problem. A future update in Red Hat Enterprise MRG may address this flaw. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include support for the broadcast manager (BCM) protocol. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as it did not include upstream commit ee18d64c that introduced the problem. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not include support for Graphics Execution Manager (GEM) in the i915 driver, and therefore are not affected by this issue. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include the upstream commit eb4eeccc that introduced the problem. It did not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support for the Stradis driver that uses the vulnerable compat code for VIDIOCSMICROCODE. As a preventive measure, we have removed the vulnerable code in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html. We plan to remove the vulnerable code in a future kernel update in Red Hat Enterprise MRG. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the Ext4 filesystem. A future kernel update in Red Hat Enterprise Linux 5 will address this issue. Red Hat security response team does not consider a crash of a client application linked against freetype to be a security issue. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2. This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include support for eventfd in the Async I/O (AIO) implementation. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has already had the fix to this issue. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. It was corrected in Red Hat Enterprise Linux 6 via RHSA-2011:0545. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as they did not include support for the XFS file system. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5, as they do not include support for Ftrace. It did not affect Red Hat Enterprise MRG as it did not contain the upstream commit 8fc0c701 that introduced this flaw. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as it did not include upstream commit 7034632d that introduced the problem. It did not affect Red Hat Enterprise MRG as the /dev/sequencer device file is restricted to root access only. More information can be found in this kbase: https://access.redhat.com/kb/docs/DOC-40265. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for the Neptune Ethernet driver. It did not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG, as they do not contain the upstream commit 2d96cf8c that introduced this flaw. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not support for the FUTEX_LOCK_PI futex operation. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has already had the fix to this issue. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw. If more information becomes available at a future date, we may revisit the issue. Not vulnerable. This issue did not affect the versions of conga as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and as shipped with Red Hat Enterprise Linux 5 as they use own internal mechanism to verify if user requesting particular page is authenticated. Plone private pages permissions configuration mechanism is not used in conga. The Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Directory Server may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not include support for equalizer load-balancer for serial network interfaces. This was addressed in Red Hat Enterprise Linux Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0771.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5, as they did not support USB Option High Speed Mobile Devices. This was addressed in Red Hat Enterprise Linux Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0771.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not contain the upstream commit d4d67150 that introduced this flaw. More information can be found in this kbase: https://access.redhat.com/kb/docs/DOC-40330 This issue does not affect the version of dovecot package, as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include support for the ROSE protocol. Red Hat Enterprise Linux 3 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of pam as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. This was addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0958.html and https://rhn.redhat.com/errata/RHSA-2010-0842.html. Future updates in Red Hat Enterprise Linux 4 and 5 may address this flaw. We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php The Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 did not include support for Packet writing layer for ATAPI and SCSI disc media devices, and therefore are not affected by this issue. The Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG only allow root access to the "/dev/pktcdvd/control" file, and therefore are also not affected by this issue. The Red Hat Security Response Team has rated this issue as having low security impact, a future update to wireshark in Red Hat Enterprise Linux 4 and 5 may address this flaw. This issue was addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2010-0924.html. This issue affects the version of the python package as shipped with Red Hat Enterprise Linux 4, 5, and 6. Due to the nature of this flaw, it cannot be fixed in the python language, but must be addressed in each module which calls accept(). This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for DHCPv6. The Red Hat Security Response Team has rated this issue as having low security impact. Because the version of bind in Red Hat Enterprise Linux 4 does not implement support for the currently-used DNSSEC protocol version, there is no plan to address this flaw there. It has been addressed in Red Hat Enterprise Linux 5 (via RHSA-2010:0975) and Red Hat Enterprise Linux 6 (via RHSA-2010:0976). Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6. Not vulnerable. This issue did not affect the versions of mysql package as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 and 4. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0825.html. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 and 4. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3. This issue was addressed in Red Hat Enterprise Linux 4, 5 and 6 via RHSA-2010:0824, RHSA-2010:0825 and RHSA-2011:0164 respectively. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 and 4. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0825.html. Not vulnerable. This issue did not affect the versions of mysql package as shipped with Red Hat Enterprise Linux 3, 4, or 5. Not vulnerable. This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 4, 5, or 6. Red Hat does not consider this to a security issue. In order for the crash condition to be observed, the RADIUS server must already be unresponsive for extended periods of time, the net result of which is that you cannot DoS an already-unresponsive server. Other specialized conditions are required as well, that make an attack using this flaw unviable. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-3705. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. It did not affect Red Hat Enterprise Linux 4 and 5 as it did not include upstream commit 1f485649 that introduced the problem. Future kernel updates in Red Hat Enterprise MRG may address this flaw. Not vulnerable. This issue did not affect the versions of dovecot as shipped with Red Hat Enterprise Linux 4, 5 or 6. This issue did not affect the version of dovecot package, as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the version of dovecot package as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the version of PHP as shipped with Red Hat Enterprise Linux 3, 4 or 5. This issue did not affect the version of php packages as shipped with Red Hat Enterprise Linux 4, 5 or 6. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of dovecot as shipped with Red Hat Enterprise Linux 4, 5 or 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, 6 or Red Hat Enterprise MRG. Red Hat does not provide support for the Acorn Econet network protocol. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as they did not backport the upstream commit b6a2fea3 that introduced the issue. This was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0004.html and https://rhn.redhat.com/errata/RHSA-2010-0958.html. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-3859. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 6 and Red Hat Enterprise MRG as they did not include support for Transparent Inter-Process Communication Protocol (TIPC). A future kernel update in Red Hat Enterprise Linux 5 may address this flaw. As a preventive measure, we plan to include the fixes in a future kernel update in Red Hat Enterprise Linux 4. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for the Neptune Ethernet driver. It did not affect Red Hat Enterprise Linux 5 as it did not contain the upstream commit 0853ad66 that introduced this flaw. This issue does not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux versions before Enterprise Linux 6. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG did not include support for the RDS Protocol, and therefore are not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 5 may address this flaw. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include support for CCITT X.25 Packet Layer. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include CAN bus subsystem support, and therefore are not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include support for Amateur Radio AX.25 protocol. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Extended Life Cycle Phase of its maintenance life-cycle, where only qualified security errata of critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Extended Life Cycle Phase of its maintenance life-cycle, where only qualified security errata of critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for Transparent Inter-Process Communication Protocol (TIPC). A future kernel update in Red Hat Enterprise Linux 5 may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact. On Red Hat Enterprise Linux 5 and 6, a user must be a member of the 'fuse' group in order to use FUSE. Due to the risks associated with fixing this bug on Red Hat Enterprise Linux 5, and because of the group restrictions in place, we currently have no plans to fix this flaw in Red Hat Enterprise Linux 5. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for monitoring of INET transport protocol sockets. Future updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for Kernel-based Virtual Machine (KVM). A future kernel update in Red Hat Enterprise Linux 5 may address this flaw. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG did not include support for the RDS Protocol, and therefore are not affected by this issue. Updates for Red Hat Enterprise Linux 5 and 6 are available to address this flaw. Not vulnerable. This issue did not affect the versions of festival as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the versions of libxml and libxml2 as shipped with Red Hat Enterprise Linux 3, and it did not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 4. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5 as the flaw was introduced in a later version of MIT krb5 (1.7). Red Hat does not consider crash of client application, using regcomp() or regexec() routines on untrusted input without preliminary checking the input for the sanity, to be a security issue (the described deficiency implies and is a known limitation of the glibc regular expression engine implementation). The expressions can be modified to avoid quantification nesting, or program modified to limit size of input passed to regular expression engine. We do not currently plan to fix these flaws. If more information becomes available at a future date, we may revisit these issues. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Extended Life Cycle Phase of its maintenance life-cycle, where only qualified security errata of critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include IPC compat functionality. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not include support for Moschip USB serial port adapters. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include the affected functionality. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include support for Amiga built-in serial port. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not include support for GlobeTrotter HSPDA PCMCIA card. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include or support the affected functionality. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not include support for the Conexant's CX23415/CX23416 codec chip. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for RME Hammerfall DSP Audio. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include support for RME Hammerfall DSP MADI Audio interface. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not include support for VIA UniChrome (Pro) and Chrome9 graphics boards. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Extended Life Cycle Phase of its maintenance life-cycle, where only qualified security errata of critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php This issue did not affect the version of php packages as shipped with Red Hat Enterprise Linux 4, 5 or 6. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5. The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not include the vulnerable code, and therefore is not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG may address this flaw. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include L2TP functionality, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 93821778 that introduced this. It did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they have backported the upstream commit fda9ef5d that addressed this. Future kernel update in Red Hat Enterprise Linux 5 may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit c5dec1c3 that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit c5dec1c3 that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not include support for CCITT X.25 Packet Layer. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0283.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not backport the upstream commit dab5855 that introduced the issue. Future kernel updates in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw. This issue does not affect the version of the systemtap package as shipped with Red Hat Enterprise Linux 4. This issue affects the versions of libsdp as shipped with Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not include support for the RDS protocol. It did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the upstream commit eff5f53b that introduced this issue. Not vulnerable. This issue did not affect the versions of dracut as shipped with Red Hat Enterprise Linux 6. This issue affects the version of the mercurial package, as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for CPU time clocks for the POSIX clock interface. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0004.html, https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. It was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0330.html. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they have already backported the fixes for this issue. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit 35f3d14d that introduced this issue. The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG enabled the panic_on_oops sysctl tunable by default, and therefore are not affected by this issue. However, as a preventive measure (for example, for administrators who have turned panic_on_oops off), we plan to address this issue in future kernel updates in Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This issue affects the version of the fontforge package as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of the xfig package as shipped with Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not include support for PCI I/O Virtualization (IOV). Future updates in Red Hat Enterprise Linux 5 and 6 may address this flaw. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for the Local Download Sharing Service (LDSS) protocol. This issue was addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2010-0924.html. This issue did not affect the versions of wireshark shipped with Red Hat Enterprise Linux 4, 5, and 6, as they did not include support for the Zigbee Cluster Library (ZCL) protocol. This issue is only a defense-in-depth measure, and we currently have no plans to fix this flaw in Red Hat Enterprise Linux 6. The use of the useHttpOnly setting in Tomcat only prohibits client scripts from accessing cookies when it is correctly implemented in the user's web browser. The use of httpOnly does not guarantee XSS protection; it is only a defense-in-depth measure. Additionally, implementing this as a default setting could have negative impact on existing expected behavior in client scripts. As a result, the Red Hat Security Response Team has determined that this issue is not a security flaw, but a proactive hardening measure and the risk associated with implementing it by default and possibly breaking expected behaviour is greater than any benefits it provides. Users who wish to take advantage of this hardening measure can enable useHttpOnly by adding '<Context useHttpOnly="true">' to the default context.xml or a specific web-application context. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect perl-IO-Socket-SSL version as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 or Red Hat Enterprise MRG. Red Hat does not provide support for the Acorn Econet network protocol. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for the Brocade Fibre Channel Host Bus Adapter driver. It did not affect the version of Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they have the included the fix for this issue. A future kernel update in Red Hat Enterprise Linux 5 may address this flaw. The Linux kernel as shipped with Red Hat Enterprise Linux 4 is not vulnerable because it checks for mmap_min_addr even in special cases. The Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG have mmap_min_addr sysctl tunable set to 4096, and therefore are not affected by this issue. However, as a preventive measure (for example, for administrators who have increased mmap_min_addr), we have addressed this in Red Hat Enterprise Linux 5, 6 and MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html, and https://rhn.redhat.com/errata/RHSA-2011-0330.html. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not include upstream commit a1a541d8 and a25ee920 that introduced the problem. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0330.html. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. The Red Hat Security Response Team does not consider it to be security-relevant. Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue affects the version of libvpx as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of libxml and libxml2 as shipped with Red Hat Enterprise Linux 3, and it did not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 4 and 5. The Linux kernel as shipped with Red Hat Enterprise Linux 4 did not include upstream commit history:5aabd1fe268e850c2e93048a5ccc5eb6970ac49c, and therefore is not affected by this issue. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via http://rhn.redhat.com/errata/RHSA-2011-0163.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for Open Sound System (OSS). This issue did not affect the versions of pidgin package as shipped with Red Hat Enterprise Linux 4, 5, and 6 as this issue is specific to versions of libpurple from 2.7.6 up to 2.7.8. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for the IrDA protocol. This issue affects the version of ccid shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0523. A future update may address this flaw in Red Hat Enterprise Linux 5. This issue affects the version of pcsc-lite shipped with Red Hat Enterprise linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0525. A future update may address this flaw in Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include CAN bus subsystem support, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0330.html. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw. This issue leads to a temporary denial of service (high CPU consumption) when a PHP script handles numeric values from untrusted user input. It does not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4 or 5. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit d03032af that introduced this issue. Future kernel updates in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-0498.html, and https://rhn.redhat.com/errata/RHSA-2011-0330.html. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 59efec7b that introduced this issue. It did not affect the version of Linux kernel as shipped with Red hat Enterprise MRG as it did not provide support for Character device in Userspace (CUSE). A future kernel update in Red Hat Enterprise Linux 6 may address this flaw. Note that, by default, the "/dev/cuse" file in Red Hat Enterprise Linux 6 is only accessible by the root user. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they do not have support for the I/O-Warrior USB devices. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0330.html. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw the packages php53 php. The Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect Red Hat Enterprise Linux 4 or 5. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This flaw has already been fixed in Red Hat Enterprise Linux 4 and 5 by a patch included in RHSA-2010:0519. Not vulnerable. This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 4, 5, and 6. We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4, 5, or 6. Red Hat does not consider this issue to be a security vulnerability, rather consider this to be a non-security bug. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6. Red Hat does not consider this issue to be a security flaw. For additional details, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4706 The Red Hat Security Response Team has rated this issue as having low security impact. This issue was addressed in the PAM packages in Red Hat Enterprise Linux 5 via RHSA-2010:0819 and in Red Hat Enterprise Linux 6 via RHSA-2010:0891. A future update may correct this issue in the PAM packages in Red Hat Enterprise Linux 4. Not vulnerable. This issue did not affect Red Hat Directory Server 8 packages. We do not consider a denial of service flaw in a client application such as sftp to be a security issue. Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not have asserts enabled. This issue affects the versions of OpenSSH as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected by this issue. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw. Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, and 5. It was addressed in Red Hat Enterprise Linux 6 via RHSA-2011:0677. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of qt shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3 or 4 as they did not include support for the LDAP backend. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3 or 4 as they did not include support for the LDAP backend. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, 5 or 6. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the versions of libpng10 as shipped with Red Hat Enterprise Linux 4. This issue affected postfix packages in Red Hat Enterprise Linux 4, 5, and 6. It was corrected via RHSA-2011:0422 and RHSA-2011:0423. This issue did not affect the versions of sendmail as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, and the versions of exim as shipped with Red Hat Enterprise Linux 4 and 5. Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6. Red Hat does not consider this flaw to be a security issue. The size argument of the grapheme_extract function is unlikely to from an untrusted source unfiltered, therefore the value passed to the function is under the the full control of the script author and no trust boundary is crossed. Not vulnerable. This issue did not affect the versions of evince as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of kbd as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they do not include the affected script. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Oracle Cluster File System (OCFS). Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2011-0521 This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for ULE (Unidirectional Lightweight Encapsulation). We have included a fix for this issue in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG however the affected module is not build by default. Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6. The Red Hat Security Response Team has rated this issue as having no security impact. We do not plan to take any action regarding this flaw at this time. If additional information becomes available at a future date, we will revisit this issue and act accordingly. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG as they did not backport the upstream commit bf5fc093c that introduced this issue. Not vulnerable. This issue did not affect Red Hat Directory Server 8 packages. This issue did not affect the versions of the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit eb1d1641 that introduced net/bridge/br_multicast.c. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 as it did not backport the upstream commit 8ef2a9a5 that introduced this issue. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it does not have support for the S390 architecture. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0429.html. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for the XFS file system. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-0498.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the driver for Native Instruments USB audio devices. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it did not enable support for this driver. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0498.html. This issue only affects Red Hat Enterprise Linux 6 as we did not properly backport upstream commit b48fa6b9. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include support for the bridge snooping functionality. A future update in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw. We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4, or 5 (php). This issue was addressed in the php53 packages as shipped in Red Hat Enterprise Linux 5 before their first release in Red Hat Enterprise Linux 5.6, and it was addressed in the php package in Red Hat Enterprise Linux 6 via RHBA-2011:0615. Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. Any process able to send signals to a running PHP process can terminate it by sending a carefully-chosen signal. Red Hat does not consider this flaw to be a security issue as arguments passed to the mt_rand function are under the full control of the script author. No trust boundary is crossed. This flaw exists in the php53 packages versions as shipped in Red Hat Enterprise Linux 5 and the php packages versions as shipped in Red Hat Enterprise Linux 6. Not vulnerable. This issue only affected Java versions running on Windows platform. It did not affect the versions of java-1.6.0-openjdk as shipped with Red Hat Enterprise Linux 5 and 6, and the java-1.6.0-sun packages as shipped with Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. Not vulnerable. This issue only affected Java versions running on Windows platform. It did not affect the versions of java-1.6.0-openjdk as shipped with Red Hat Enterprise Linux 5 and 6, and the java-1.6.0-sun packages as shipped with Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. Vulnerable. This issue affects vino packages in Red Hat Enterprise Linux 4, 5, 6, and kdenetwork packages in Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Vulnerable. This issue affects vino packages in Red Hat Enterprise Linux 4, 5, 6, and kdenetwork packages in Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue only affects Red Hat Enterprise Linux 6. The version of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include upstream commit 71e3aac0 that introduced the problem. We have addressed this in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0542.html. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Windows Logical Disk Manager. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 as they did not include the affected functionality. A future update in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commits fff1ce4d and 45e4039c that introduced this issue. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0498.html. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Windows Logical Disk Manager. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit a8f80e8f that introduced this flaw. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0498.html and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via RHSA-2012:0007, RHSA-2011:1530 and RHSA-2011:1253 respectively. The version of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not include upstream commit a1a541d8 and a25ee920 that introduced the problem. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1253.html. The Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG did not include support for the RDS Protocol, and therefore are not affected by this issue. The Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 are not affected as they did not backport upstream commit 2e7b3b99 and 77dd550e that introduced this issue. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-0498.html, and https://rhn.redhat.com/errata/RHSA-2011-0330.html. Not vulnerable. This issue did not affect Red Hat Directory Server 8 packages. The Red Hat Security Response Team has rated this issue as having low security impact. A future glibc package update may address this issue in Red Hat Enterprise Linux 4. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG as they did not backport the upstream commit 4a2d7892 that introduced this issue. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This was addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0542.html and https://rhn.redhat.com/errata/RHSA-2011-0500.html. This issue affected the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0150 and RHSA-2012:0862 respectively. There is no plan to address this flaw in Red Hat Enterprise Linux 4. Future updates may address this issue in Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.0 to 7.0.10. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 4b580ee3 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. This issue affects the versions of pidgin package as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat does not consider this to be a security issue. Input passed to these functions should be under the full control of the script author, thus no trust boundary is crossed. Additionally, an administrator would have to disable, or excessively increase the memory_limit settings in the PHP configuration file to trigger this bug. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for the DCCP protocol. Future updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw. If more information becomes available at a future date, we may revisit the issue. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4. Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data as a PHAR archive file name to load. The file name passed to the PHAR-handling functions is therefore under the full control of the script author and no trust boundary is crossed. Not vulnerable. This issue did not affect the versions of logrotate as shipped with Red Hat Enterprise Linux 4 and 5, as they did not support 'shred' logrotate configuration directive yet. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts. This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts. The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG are not affected as they did not backport upstream commit 719f82d3 that introduced this issue. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 or Red Hat Enterprise MRG. Red Hat does not provide support for the Acorn Econet network protocol. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for IrDA. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This was addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html. A future kernel update in Red Hat Enterprise MRG may address this flaw. Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.11. Not Vulnerable. These issues do not affect the versions of firefox and thunderbird package, as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of libxslt package as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not Vulnerable. This issue does not affect the version of conga as shipped with Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4 This issue affects the version of php as shipped with Red Hat Enterprise Linux 6. This issue affects the version of php53 as shipped with Red Hat Enterprise Linux 5. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0514. A future update may address this flaw in Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of tetex as shipped with Red Hat Enterprise Linux 4 or 5, and the versions of texlive as shipped with Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of exim as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for DKIM. Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.0 to 7.0.10. Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data to the strval() function. Input passed to the functions is therefore under the full control of the script author and no trust boundary is crossed. As well, an administrator would have to excessively increase the precision settings in order to trigger this flaw. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. The Red Hat Security Response Team does not consider it to be security-relevant. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4 and 5. It has been addressed in Red Hat Enterprise Linux 5 (php53) and 6 (php). This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 4. This issue does not affect the version of php shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue does not affect the version of php53 shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG as they did not backport the PaX patchset. Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.0 to 7.0.11. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for Open Sound System (OSS). Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for Open Sound System (OSS). This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not support Generic Receive Offload (GRO). It has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0498.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. The Red Hat Security Response Team has rated this issue as having low security impact, and it did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4 and 5. A future update in Red Hat Enterprise Linux 6 may address this flaw. Not vulnerable. This issue did not affect the versions of rsyslog as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of rsyslog as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for the ROSE protocol. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for MPT (Message Passing Technology) based controllers. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, and https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Not vulnerable. This issue affects the GlassFish Server Administration Console, which is not shipped with any Red Hat products. This issue affects the Red Hat HPC Solution which is End of Life. For more information please refer to: https://access.redhat.com/support/policy/updates/hpc/ This issue was addressed in krb5-appl packages in Red Hat Enterprise Linux 6 via RHSA-2011:0920 and krb5 packages in Red Hat Enterprise Linux 5 via RHSA-2012:0306. This issue is not planned to be addressed in Red Hat Enterprise Linux 4, where this issue was rated as having low security impact. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not support SCTP authentication and extended parameters. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the upstream commit a8170c35 that addressed this. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-0498.html. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not support Generic Receive Offload (GRO). This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit bb1d9123 that introduced this issue. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw. Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.12 & 7.0.13. This issue did not affect the versions of the Xen package as shipped with Red Hat Enterprise Linux 4 and 6. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0496.html. This issue did not affect the versions of Linux kernel as shipped in Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not ship mount.cifs with root setuid set. However, as a preventive meaasure, we have addressed this in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include support for the CAN protocol, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0836.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php On Red Hat Enterprise Linux, by default, mount.cifs is not provided with the setuid bit enabled. If a user has turned on the setuid bit (via chmod +s /sbin/mount.cifs), they would be affected by this issue, and can work around the problem by removing the setuid bit. Red Hat Enterprise Linux 3 does not provide the mount.cifs program. Not vulnerable. This issue did not affect the versions of gdm as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Red Hat Security Response team does not consider this bug to be security relevant one due to the privileges (CAP_SYS_RAWIO) required to exploit this issue. This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 4 as it did not include include mount.nfs. It was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0310 and RHSA-2011:1534 respectively. This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5. This issue only affects Red Hat Enterprise Linux 6. The version of the qemu/kvm as shipped with Red Hat Enterprise Linux 5 is not affected. Vulnerable. This issue has been addressed in Red Hat Network Satellite Server v 5.4.1 via RHSA-2011:0882 https://rhn.redhat.com/errata/RHSA-2011-0882.html and in Red Hat Network Proxy Server v5.4.1 via RHSA-2011:0881 https://rhn.redhat.com/errata/RHSA-2011-0881.html. This issue is not planned to be fixed in Red Hat Network Satellite Server versions 5.0.2, 5.1.1, 5.2.1, 5.3.0 and not planned to be fixed in Red Hat Network Proxy Server versions 5.0.2, 5.1.1, 5.2.1, and 5.3.0. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the ARM architecture. Red Hat currently does not plan to address this issue. For details refer to: https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18 Not vulnerable. This issue did not affect the version of libmodplug embedded in gstreamer-plugins as shipped with Red Hat Enterprise Linux 4. This issue only affects Red Hat Enterprise Linux 5 as we did not backport upstream Xen unstable commit 2dcdd2fcb945. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. Not vulnerable. This issue did not affect the versions of exim as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for DKIM. The Linux kernel as shipped with Red Hat Enterprise Linux 4, and 5 did not provide support for Network Namespace, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0928.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. This issue does not affect Red Hat Enterprise Linux 4 and 5: Red Hat Enterprise Linux 4 does not provide support for the Datagram Congestion Control Protocol (DCCP), and Red Hat Enterprise Linux 5, which does support DCCP, did not backport the upstream commit that introduced this issue, e77b8363b. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0836.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise Linux MRG as they did not backport the upstream commit cdff08e7 that introduced this issue. Future kernel updates for Red Hat Enterprise Linux 6 may address this flaw. Not vulnerable. This issue did not affect the versions of struts as shipped with Red Hat Enterprise Linux 5, Red Hat Network Satellite 5, JBoss Enterprise Web Server 1, JBoss Enterprise Application Platform 4, JBoss Enterprise Portal Platform 4 and JBoss Operations Network 2. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1065.html. Also, only systems running on x86 architecture with AMD processor and SVM virtualization extension enabled are affected. Not vulnerable. This issue did not affect the versions of ecryptfs-utils as shipped with Red Hat Enterprise Linux 5 or 6. This issue did affect the versions of kernel package as shipped with Red Hat Enterprise Linux 5. This issue did affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5. Red Hat cannot backport the fix though as it is too invasive and has a high risk of introducing severe regressions at this point in the Red Hat Enterprise Linux 5 life-cycle. As such, Red Hat recommends that users of KVM on Red Hat Enterprise Linux 5 only use PCI passthrough with trusted guests. This issue did affect the versions of kernel package as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of kernel-rt package as shipped with Red Hat Enterprise MRG as it did not provide support for virtualization. For further info please refer to the knowledge base article https://access.redhat.com/knowledge/articles/66747. Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include support for Response Policy Zones (RPZ). This issue did not affect bind packages shipped with Red Hat Enterprise Linux 4 and 5. It affected bind97 packages shipped with Red Hat Enterprise Linux 5 and bind packages shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw in Red Hat Enterprise Linux 4. If more information becomes available at a future date, we may revisit the issue. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit 4a94445c that introduced this issue. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0927.html. Also, only systems running on x86 architecture with Intel processor and VMX virtualization extension enabled are affected. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4 and 5. It has been addressed in Red Hat Enterprise Linux 5 (php53) and 6 (php). Not vulnerable. This issue did not affect the versions of NetworkManager as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, as they do not include the support for the elliptic curve cryptography. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the versions of conga package as shipped with Red Hat Enterprise Linux 5 and with Red Hat Cluster Suite for Red Hat Enterprise Linux 4, as they did not include support for creation of new Plone content. Not Vulnerable. This issue does not affect the version of conga as shipped with Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4 Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6. This flaw is specific to Wireshark v1.4.5 version. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 4 or 5. Not vulnerable. This issue did not affect the versions of struts as shipped with Red Hat Enterprise Linux 5, Red Hat Network Satellite 5, JBoss Enterprise Web Server 1, JBoss Enterprise Application Platform 4, JBoss Enterprise Portal Platform 4 and JBoss Operations Network 2. Not vulnerable. This issue did not affect the versions of struts as shipped with Red Hat Enterprise Linux 5, Red Hat Network Satellite 5, JBoss Enterprise Web Server 1, JBoss Enterprise Application Platform 4, JBoss Enterprise Portal Platform 4 and JBoss Operations Network 2. Not vulnerable. This issue did not affect the versions of openswan as shipped with Red Hat Enterprise Linux 5 or 6. This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 4 and 5. We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue. Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5 and 6 as we did not backport upstream commit d6623003. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Windows Logical Disk Manager. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG do not provide support for KSM (Kernel Samepage Merging). This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1189.html. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit 47a150edc2a that introduced this issue. Not vulnerable. This issue did not affect the versions of xscreensaver as shipped with Red Hat Enterprise Linux 4. This did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for Network Namespace. Future kernel updates in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this issue. This issue affects the version of vte as shipped with Red Hat Enterprise Linux 4, 5 or 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. The Red Hat Security Response Team has reviewed this bug and determined it has no security impact on the tftp packages as shipped with Red Hat Enterprise Linux 4, 5, and 6. Refer to the following bugzilla for additional details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2199 This issue did not affect the versions of Linux kernel as shipped in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not provide support for the Hierarchical File System (HFS). This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1479.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Alpha architecture. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Alpha architecture. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Alpha architecture. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Alpha architecture. This issue only affects Red Hat Enterprise Linux 6. The version of the qemu/kvm as shipped with Red Hat Enterprise Linux 5 is not affected because it does not provide support for indirect descriptors. This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Not Vulnerable. This issue did not affect the version of Firefox as shipped with Red Hat Enterprise Linux 4, 5 or 6. Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include support for Response Policy Zones (RPZ). Red Hat currently does not plan to address this issue. For details refer to: https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18 Red Hat currently does not plan to address this issue. For details refer to: https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18 Red Hat currently does not plan to address this issue. For details refer to: https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18 The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected because they do not provide support for THP (Transparent Huge Pages). This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0928.html. This issue did not affect any version of Tomcat shipped in Red Hat products. This flaw only affected Tomcat versions 7.0.0 - 7.0.16. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 3ab224be6d6. It did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG as they have backported the upstream commit ea2bc483ff5 that Red Hat Enterprise Linux 5 did not. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1212.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for the Taskstats interface. This was fixed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. This flaw affects Apache CXF (WSS4J) and jbossws-native as shipped with various JBoss products. It does not affect JBoss Enterprise Application Platform 6 and JBoss Application Server 7.1.1 and above. These products include WSS4J 1.6.5, which incorporates a fix for this flaw. On affected products, this flaw can be mitigated by using the RSA-OAEP key wrap algorithm, instead of the default RSA-v1.5 algorithm. To use RSA-OAEP, edit the jboss-ws-security configuration file and add the property keyWrapAlgorithm="rsa_oaep" to the encrypt element. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit 66e61a9e that introduced this issue. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for EXT4 filesystem. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for the Taskstats interface. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1212.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 5dee9e7c that introduced this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit a63d83f4 that introduced this issue. This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact; a future update in Red Hat Enterprise Linux 6 may address this flaw. This issue affects the version of xorg-x11-apps shipped with Red Hat Enterprise linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0502. A future update may address this flaw in Red Hat Enterprise Linux 5. This issue only affects Red Hat Enterprise Linux 6. The version of the qemu/kvm as shipped with Red Hat Enterprise Linux 5 is not affected. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for the Linux wireless LAN (802.11) configuration API. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1212.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the TOMOYO Linux, Mandatory Access Control (MAC) implementation. This issue only affects Red Hat Enterprise Linux 5. The versions of the Linux kernel-xen as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1212.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit 41bf498 that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1350.html. Not vulnerable. This issue did not affect the versions of vsftpd as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6. This flaw affects Red Hat Enterprise Linux 4 and 5. It did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they have already backported the upstream commit 53b0f080 that addressed this flaw. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1065.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect the versions of qemu-kvm as shipped with Red Hat Enterprise Linux 5 as it did not include support for "run as" functionality. This issue is compile-time only and does not affect binary dbus packages, shipped in Red Hat Enterprise Linux 5 and 6. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 5 and 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for ipt_CLUSTERIP. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via http://rhn.redhat.com/errata/RHSA-2011-0833.html, http://rhn.redhat.com/errata/RHSA-2011-0498.html, and http://rhn.redhat.com/errata/RHSA-2011-0500.html. This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 4 and 5. Not vulnerable. This issue did not affect the versions of openoffice.org and openoffice.org2 packages as shipped with Red Hat Enterprise Linux 4, and the versions of openoffice.org packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the version of ruby package as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the version of ruby package as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the version of ruby package as shipped with Red Hat Enterprise Linux 4 and 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the Global File System 2 (GFS2). This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-1065.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html. Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 4, 5, or 6. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for EXT4 filesystem. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the fix that addresses this issue. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-1386.html and https://rhn.redhat.com/errata/RHSA-2011-1465.html. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Si4713 I2C device. Not vulnerable. This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Xtensa processor architecture. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue results in an OOB read which is not exploitable for arbitrary code execution and can simply cause a crash. We do not consider this as a security issue. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit a5b1cf28 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat does not consider this flaw to be a security issue. The flags argument passed to the bsd_glob() function is solely under the control of the script author. This flaw was originally reported as resulting in information disclosure only, and was therefore assessed as having low security impact. On this basis, it was planned that future updates to JBoss products may address this flaw. New research [0] has now shown that this flaw can lead to remote code execution. The security impact has been re-assessed as important, and Red Hat is now working on patches for all affected products. [0] http://danamodio.com/application-security/discoveries/spring-remote-code-with-expression-language-injection/ Not vulnerable. This issue affects the Spring Security package, which is not shipped with any Red Hat products. Not vulnerable. This issue affects the Spring Security package, which is not shipped with any Red Hat products. This issue does not affect the version of libxml2 package as shipped with Red Hat Enterprise Linux 4 and 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 393e52e3 that introduced this flaw. This has been addressed in Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1212.html. This issue did not affect Red Hat Enterprise Linux 4 and 5 as they did not include support for perf. This did not affect Red Hat Enterprise MRG as it uses the perf package from Red Hat Enterprise Linux 6. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1465.html. Not a security issue as privileges equal to root are needed. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not provide support for the Comedi drivers. This issue did not affect Red Hat Enterprise Linux 4 and 5 as they did not include support for perf. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0333.html. Vulnerable. This issue affects foomatic packages in Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not provide support for the BeOS file system. Not vulnerable. This issue did not affect the versions of stunnel as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html. Not vulnerable. This issue did not affect the versions of pidgin as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they contained a version of pidgin that did not support /who IRC protocol command. Not vulnerable. This issue did not affect the versions of firefox as shipped with Red Hat Enterprise Linux 5 or 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 4 and 5. Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6. Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6. This issue affects the version of webkitgtk as shipped with Red Hat Enterprise Linux 6. Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6. Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6. This issue affected the version of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 has been addressed via RHSA-2012:1288. This issue affects the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 6. This issue affects the version of webkitgtk as shipped with Red Hat Enterprise Linux 6. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. It has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html. This issue did not affect the versions of pam package as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of pam package as shipped with Red Hat Enterprise Linux 4 and 5. Not affected. This flaw was introduced in CUPS due to an incomplete fix for CVE-2011-2896, which was not applied to any CUPS packages in Red Hat Enterprise Linux. Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data and use it to malloc memory, without filtering/sanitizing it, therefore the value used to malloc memory is under the the full control of the script author and no trust boundary is crossed. Red Hat does not consider this to be a security flaw. As a malicious MSN server is needed, there are far worlse implications to a user connecting to an untrusted server than a DoS. This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Before updated packages are deployed, users can deploy configuration changes to mitigate this flaw: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3192#c18 This issue affects the version of evolution shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0516. A future update may address this flaw in Red Hat Enterprise Linux 5. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 5, openssl096b as shipped with Red Hat Enterprise Linux 4, openssl097a as shipped with Red Hat Enterprise Linux 5, or openssl098e as shipped with Red Hat Enterprise Linux 6. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG, as they either do not have the sample_to_timespec() function, or have already backported upstream commit f8bd2258, which addresses this issue. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html. Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, as they do not include the support for the elliptic curve cryptography. This issue does not affect the version of wireshark shipped with Red Hat Enterprise Linux 4, 5 and 6. Not Vulnerable. This issue did not affect the version of php shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of php53 shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the version of php53 as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 as they did not include the upstream commit that introduced this issue. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG as they did not provide support for the Infiniband Sockets Direct Protocol (SDP). This issue only affects qemu as shipped with Red Hat Enterprise Linux 5 xen packages. The versions of the qemu/kvm as shipped with Red Hat Enterprise Linux 5 are not affected. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for ServerEngines' 10Gbps network adapter - BladeEngine. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1530.html. A future kernel update in Red Hat Enterprise MRG may address this issue. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4 and 5 as this flaw was introduced in version 2.2.12. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as they did not provide support for FUSE. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not backport the upstream commit 3b463ae0c6264f that introduced this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1465.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Not vulnerable. This issue did not affect the versions of evolution as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the version of evolution28 as shipped with Red Hat Enterprise Linux 4. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not provide support for Broadcom 43xx wireless devices. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Not Vulnerable. This issue does not affect the version of wireshark shipped with Red Hat Enterprise Linux 4, 5 or 6. This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Not vulnerable. This issue did not affect the versions of NetworkManager as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for writing NetworkManager configurations to the standard /etc/sysconfig/network-scripts/ifcfg-* files. Not affected. This flaw did not affect any version of Tomcat shipped in Red Hat products. This flaw only affected Tomcat versions 7.0.0 - 7.0.21. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6. Red Hat is aware of, and tracking, the Rizzo/Duong chosen plain text attack on SSL/TLS 1.0, also known as "BEAST". This issue has been assigned CVE-2011-3389. This attack uses web browser extensions to exploit a weakness in SSL/TLS cipher-block chaining (CBC), allowing a man-in-the-middle attacker to recover certain session information, such as cookie data, from what should be a secure connection. The research shows two ways that an attacker could mount an attack. In both cases the attacker needs access to the data stream from the web browser to the server while a user visits a malicious website using a browser. The attacker may then be able to determine a portion of the data the browser sends to the server by making a large number of requests over a period of time. This data could include information such as an authentication cookie. The first method of attack involves using WebSockets. Currently, Red Hat does not ship any products that allow an attack using WebSockets to be successful. We are planning to update Firefox to version 7, which contains protections in the WebSocket code that prevents this particular attack from being effective. The second method of attack involves using a malicious Java applet. In order for the attack to be successful, the attacker would need to circumvent the Same Origin Policy (SOP) controls in Java. The researchers claim to have found a flaw in the Java SOP and we will issue updates to correct this flaw as suitable fixes are available. We are in contact with various upstream projects regarding this attack. As a precautionary measure, we plan to update the Network Security Services (NSS), GnuTLS, and OpenSSL packages as suitable fixes are available. We will continue to track this issue and take any appropriate actions as needed. This statement and any updates to it is available at: https://bugzilla.redhat.com/show_bug.cgi?id=737506 Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6. Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart. The opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO. Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart. The opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO. Not vulnerable. This issue affects the GlassFish Web Container component. This component is not shipped with any Red Hat products. JBoss Web and Tomcat provide the web container used in all JBoss products. Not vulnerable. This issue did not affect the versions of conga as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and 5. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG. It affects the Linux kernel as shipped with Red Hat Enterprise Linux 6 due to incorrect backporting of upstream patches. A future kernel update in Red Hat Enterprise Linux 6 may address this issue. Not vulnerable. This issue did not affect the version of pidgin as shipped with Red Hat Enterprise Linux 6 as it explicitly disables support for the SILC protocol. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ Not Vulnerable. This issue does not affect the version of radvd package as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in radvd. A failure in privsep_init() does not cause radvd to run with full root privileges when invoked with the --username option specifying an unprivileged user. Rather it will run as a single process as the specified (unprivileged) radvd user, causing this issue to have no security impact (no unintended privilege elevation). The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in radvd. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in radvd. Not vulnerable. This issue only affects community JBoss AS 7 prior to 7.1.0 Beta 1. It does not affect components shipped with any Red Hat products. The Red Hat Security Response Team has rated this issue as moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue only affects community JBoss AS 7 prior to 7.1.0 Beta 1. It does not affect components shipped with any Red Hat products. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not provide support for the AppArmor security module. This flaw only affects the clustered implementation in qpid-cpp (qpidd-cpp-server-cluster) which is only available in Red Hat Enterprise MRG. The qpid-cpp-server as provided with Red Hat Enterprise Linux 6 does not include this functionality, and is thus not affected. This issue does not affect the version of hardlink, as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in hardlink. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in hardlink. This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, and 6 as it did not backport the upstream commit ec6fd8a4 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for EXT4 filesystem. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the upstream commit 667eff35 that addressed this issue. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2012-0107.html and https://rhn.redhat.com/errata/RHSA-2011-1530.html. This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4. This issue affects the version of libxml2 as shipped with Red Hat Enterprise Linux 4, 5 and 6 and has been addressed via RHSA-2012:0016, RHSA-2012:0017 and RHSA-2012:0018 respectively. This issue affects the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 6. This issue affected the versions of libxml2 as shipped with Red Hat Enterprise Linux 4, 5 and 6 and has been addressed via RHSA-2012:0016, RHSA-2012:0017 and RHSA-2012:0018 respectively. This issue affects the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 6. This issue does not affect the version of qt as shipped with Red Hat Enterprise Linux 4 and 5. This issue does not affect the version of qt3 as shipped with Red Hat Enterprise Linux 6. This issue does not affect the version of qt4 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of qt as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. This issue does not affect the version of pango as shipped with Red Hat Enterprise Linux 4, 5 and 6. Not vulnerable. This issue did not affect the versions of libvorbis as shipped with Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in libxslt. Not vulnerable. This issue did not affect the versions of conga as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and as shipped with Red Hat Enterprise Linux 5 as they did not include support for CMFEditions. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for XFS filesystem. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html, https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html. The Red Hat Security Response Team does not consider this to be a security issue. For additional information, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=749324#c1. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, and 5 as they did not include support for the GHASH message digest algorithm. This has been addressed in Red Hat Enterprise Linux 6, and MRG via https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0107.html, https://rhn.redhat.com/errata/RHSA-2012-0571.html, and https://rhn.redhat.com/errata/RHSA-2012-0670.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not backport the upstream commit 462fb2af that introduced this issue. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has already backported the upstream patches f8e9881c, 66944e1c, c65353da, and 10949550 that addressed this issue. Not vulnerable. This issue did not affect the versions of bzip2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the bzexe executable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include IPv6 support. This issue was introduced with the addition of IPv6 support in Squid 3.1 (in the changes made to the idnsGrokReply function). This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not backport the upstream commit f755a04 that introduced this. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0333.html. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5 and 6, as they did not include support for the CSN.1 dissector. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 as they do not include support for DTLS protocol. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 6. This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5. Red Hat Security Response team does not consider this bug to be security relevant one due to the privileges required to exploit this issue. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0107.html, https://rhn.redhat.com/errata/RHSA-2011-1849.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue does not affect the version of gnutls as shipped with Red Hat Enterprise Linux 4. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it does not provide support for NFS ACLs. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0333.html. Future kernel updates in Red Hat Enterprise Linux 6 may address this issue. This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html, https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4, 5 or 6. This issue does affect Red Hat Enterprise Virtualization 2 and 3. Red Hat Enterprise Virtualization 2 is now in Production 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4 and 5 due to differences in apr-util's apr_uri_parse() implementation. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not have the vulnerable code as introduced in history:1a7bc914. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6 and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not provide support for UDP Fragmentation Offload (UFO) functionality. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6, as they use a built-in entropy pool to generate and retrieve entropy information when performing host-based authentication. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not include support for the Hierarchical File System (HFS) file system. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html. Not vulnerable. This issue affects the MyFaces 2 package, which is not shipped with any Red Hat products. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html. A future kvm update in Red Hat Enterprise 5 may address this flaw. This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6 and Red Hat Enterprise MRG as they were not vulnerable to CVE-2011-2482. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6 as they did not include support for the ECDH or ECDHE ciphers. Not vulnerable. This issue affects the Mojarra 2 package, which is not shipped with any Red Hat products. Not vulnerable. This issue affects the MyFaces 2 package, which is not shipped with any Red Hat products. Not vulnerable. This issue did not affect the versions of system-config-printer as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include support for installing driver packages from the OpenPrinting database, only PPDs (with user consent). The ASF Security Team does not consider resource exhaustion caused by .htaccess files to be a security defect. The Red Hat Security Response Team agrees with their assessment and so does not consider this to be a security flaw. This issue affects the versions of the conga package as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 4 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue in Red Hat Enterprise Linux 5. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4 and 5. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4 and 5. This issue affects the versions of the acpid package, as shipped with Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in acpid. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG as they did not provide support for the sendmmsg syscall. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html. This issue affect Red Hat Enterprise Linux 6 and has been addressed via https://rhn.redhat.com/errata/RHBA-2012-0013.html. Red Hat Enterprise Linux 5 is not affected. The Red Hat Security Response Team has rated this issue as having low security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the version of pidgin as shipped with Red Hat Enterprise Linux 6 as it explicitly disables support for the SILC protocol. Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not include support for the BATMAN (Better Approach To Mobile Ad-hoc Networking) out-of-tree kernel module. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5 as they did not have support for Performance event. It did not affect Red Hat Enterprise MRG as it did not provide support for PowerPC. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. It has been addressed in Red Hat Enterprise 5 and 6 via https://rhn.redhat.com/errata/RHSA-2012-0051.html and https://rhn.redhat.com/errata/RHSA-2012-0350.html. We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue. We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue. A buffer overflow flaw was found in the MIT krb5 telnet daemon (telnetd) as shipped with all supported versions of Red Hat Enterprise Linux. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. While we are aware of public exploits for this issue that include targets for Red Hat Enterprise Linux 3, we are not aware of any yet which would be successful in gaining arbitrary root code execution in Red Hat Enterprise Linux 4, 5, or 6. However it is plausible that one could be created to do so. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package. For users who have enabled the krb5 telnet daemon and have it accessible remotely, they should disable it or apply the updates we have released. Since same encryption code is shared between the MIT krb5 telnet daemon and the telnet client, this issue affects the telnet client as well. The updates we have released fixes the issue for both, the telnet daemon and the telnet client. Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not include support for enhanced DDNS logging. Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for the ROSE protocol. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for the ROSE protocol. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 4 or 5 (it has been addressed in Red Hat Enterprise Linux 6). For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not Vulnerable. This issue does not affect the version of pidgin as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the version of polkit as shipped with Red Hat Enterprise Linux 6 as it did not include the upstream commit 763faf434b445c20ae9529100d3ef5290976d0c9 that introduced this issue. This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as Red Hat Network Satellite Server did not include support for Cobbler web interface. This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as it did not include the upstream commit d7b30b5fca5097c544ca37ade8c945a3106b1896 that introduced this flaw. This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as it did not include the upstream commit be4fc806637cf8cec275fea80b892182879580eb that introduced this flaw. This flaw was corrected in Red Hat Enterprise Linux 6 via RHBA-2012:0881. It also does affect Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue affects the GlassFish Web Container component. This component is not shipped with any Red Hat products. JBoss Web and Tomcat provide the web container used in all JBoss products. Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products. This issue was addressed in Red Hat Enterprise Linux 5 openssl packages via RHBA-2011:1010, bug 698175. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6. This bug is not a security issue. For detailed explanation, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=853321#c4 Not Vulnerable. This issue did not affect the version of tetex as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of t1lib and evince as shipped with Red Hat Enterprise Linux 6. Because the advisory released to fix CVE-2010-2642 completely resolved the problem without introducing this flaw. Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6, as they did not include GOST engine support. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for robust futexes. It did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they have the backported fixes. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0107.html. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the versions of emacs as shipped with Red Hat Enterprise Linux 4, 5 or 6 as they did not include support for CEDET. Not vulnerable. This issue did not affect the versions of curl as shipped with Red Hat Enterprise Linux 4, 5 or 6. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for the XFS file system. It did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it did not backport the upstream commit ef14f0c1 that introduced the vulnerability. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport commit 884840aa that introduced this issue. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This issue did not affect the versions of kvm as shipped with Red Hat Enterprise Linux 5 as they did not include support for syscall instruction emulation. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html. Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, and 6. This issue affects httpd packages as shipped with Red Hat Enterprise Linux 3 and 4, which are now in the Extended Life Phase of their life cycle. Therefore this issue is not planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/ Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not provide support for overlayfs. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as it did not backport the upstream commit 198214a7ee. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0052.html and https://rhn.redhat.com/errata/RHSA-2012-0061.html. For more information, please read https://access.redhat.com/kb/docs/DOC-69129. Not vulnerable. This issue did not affect versions of xorg-x11 as shipped with Red Hat Enterprise Linux 4. This issue did not affect versions of xkeyboard-config as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of usbmuxd as shipped with Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, and 6. Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart. The opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 5b7c8406. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise MRG, as those versions have a guard page between the end of the user-mode accessible virtual address space and the beginning of the non-canonical area due to CVE-2005-1764 fix, and hardened system call handler due to CVE-2006-0744 fix. This issue did affect the versions of Xen hypervisor as shipped with Red Hat Enterprise Linux 5. A kernel-xen update for Red Hat Enterprise Linux 5 is available to address this flaw. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 as we did not have support for sysenter and compat (32bit) version of syscall instructions for PV guests running on the Xen hypervisor (introduced in upstream changeset 16207:aeebd173c3fa). This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, 5 and 6 as they did not include support for DTLS. Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products. Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products. Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products. Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products. Not vulnerable. This issue did not affect the versions of firefox as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6, since MySQL packages in Red Hat Enterprise Linux are linked against OpenSSL, and not against yaSSL. Not vulnerable. Upstream notes this issue only affected MySQL 5.5.x. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected. Not Vulnerable. This issue does not affect the version of acroread as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact. Trousers is only useful on systems with TPM hardware, additionally local access is required to exploit of this issue. Exploitation of this issue only results in a crash of the tcsd daemon which can be restarted. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat does not consider this flaw to be a security issue. The bug can only be triggered by the PHP script author, which does not cross trust boundary. Not Vulnerable. This issue only affects Apache CXF 2.4.5 and 2.5.1. Earlier versions were not affected and later versions include a fix for this issue. This issue does not affect the versions of Apache CXF as shipped with various Red Hat products. Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include the vulnerable debugging support. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0333.html. Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 4, 5, and 6. This issue did not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue did not affect the version of samba4 as shipped with Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of libvpx as shipped with Red Hat Enterprise Linux 6. This issue affects the version of php as shipped with Red Hat Enterprise Linux 6. This issue affects the version of php53 as shipped with Red Hat Enterprise Linux 5. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0514. A future update may address this flaw in Red Hat Enterprise Linux 5. Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in mingw32-libxml2. This issue does affect Red Hat Enterprise Virtualization 2 and 3. Red Hat Enterprise Virtualization 2 is now in Production 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/. This issue does affect Red Hat Enterprise Virtualization 2 and 3. Red Hat Enterprise Virtualization 2 is now in Production 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/. This issue affects the version of xinted shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0499. A future update may address this flaw in Red Hat Enterprise Linux 5. This issue did not affect samba3x packages as shipped with Red Hat Enterprise Linux 5 and samba packages as shipped with Red Hat Enterprise Linux 6, as it only affected Samba versions prior to 3.4.0. This issue was addressed in samba packages in Red Hat Enterprise Linux 4 and 5 via RHSA-2012:0332. This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not provide support for CLONE_IO. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise MRG as they already contain the fix. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0481.html. We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue. Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Not Vulnerable. This issue only affects struts 2, it does not affect the versions of struts as shipped with various Red Hat products. Not Vulnerable. This issue only affects the struts-cookbook and struts-examples packages, which are not shipped by Red Hat. It does not affect the struts component as shipped with various Red Hat products. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5. Not Vulnerable. This issue does not affect the version of krb5 package as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 as they did not include support for PKINIT. These issues only affect a script used during package build and do not affect binary iproute packages shipped with Red Hat Enterprise Linux. Therefore, they are not planned to be addressed in iproute packages in Red Hat Enterprise Linux 5 and 6, they are only planned to be addressed in the future Red Hat Enterprise Linux versions. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the commit a6ce4932fbdbcd8f8e8c6df76812014351c32892 that introduced this issue. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise MRG 2. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0481.html. Not vulnerable. This issue only affects community JBoss AS 7 prior to 7.1.1. It does not affect components shipped with any Red Hat products. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it did not backport upstream commits 4206d3aa and 5bde4d18. Not vulnerable. This issue did not affect the versions of taglib as shipped with Red Hat Enterprise Linux 6. taglib is only used in client applications. We do not consider a user-assisted crash of a client application such as k3b or Totem to be a security issue. Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 5 and 6, as they do not enable TrueType bytecode interpreter. This bug is not a security issue. For detailed explanation, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1129#c5 Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 3, 4, 5, and 6. Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 5 and 6, as they do not enable TrueType bytecode interpreter. Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 5 and 6, as they do not enable TrueType bytecode interpreter. This vulnerability only applies to RHN Satellite 5.4 when running on Red Hat Enterprise Linux 6 under mod_wsgi. As the code uses mod_python when performing these checks on Red Hat Enterprise Linux 5, that version is not vulnerable to this flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not include support for control groups. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 as they did not include support for memory control groups threshold notifications. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise MRG as they did not include support for memory control groups. Not vulnerable. This issue did not affect the versions of libzip and php as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of php53 as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of libzip and php as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of php53 as shipped with Red Hat Enterprise Linux 5. This issue did not affect openldap as shipped with Red Hat Enterprise Linux 5 as it did not contain the relevant assertion. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0899.html We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects the version of samba4, openchange and evolution-mapi packages as shipped with Red Hat Enterprise Linux 6. A future security update may address this flaw. Not vulnerable. This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the insufficient patch for CVE-2012-0247. Not vulnerable. This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the insufficient patch for CVE-2012-0248. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not Vulnerable. This issue did not affect the version of openjpeg as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue did not affect the version of file as shipped with Red Hat Enterprise Linux 5, as it did not include support for parsing of header sections of Composite Document Files (CDF) yet. This issue affects the version of the file package, as shipped with Red Hat Enterprise Linux 6. Red Hat does not consider bugs which result in a user-assisted crash of an end user application (such as file) to be a security issue. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0480.html. A future kernel update for Red Hat Enterprise Linux 4 may address this issue. taglib is only used in client applications. We do not consider a user-assisted crash of a client application such as k3b or Totem to be a security issue. This issue affects the version of samba/samba3x as shipped with Red Hat Enterprise Linux 5. This issue is not currently planned to be addressed in future updates. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not Vulnerable. This issue only affects struts 2, it does not affect the versions of struts as shipped with various Red Hat products. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0571.html. A future kvm update in Red Hat Enterprise 5 may address this flaw. Not vulnerable. This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 6 as it did not backport the insufficient patch for CVE-2012-0259. The upstream development team of the JDBC driver for the PostgreSQL database does not consider improper escaping of certain JDBC statement / query parameters, when the JDBC driver of version older than the version of underlying PostgresSQL server is being used, to be a security defect. In general, the JDBC driver for the PostgreSQL database does not promise to work with server releases newer than the driver release. The Red Hat Security Response Team agrees with their assessment and so does not consider this to be a security flaw. Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, 5, or 6. Not vulnerable. This issue did not affect the versions of xorg-x11-xfs as shipped with Red Hat Enterprise Linux 5. It does not affect Red Hat Enterprise Linux 6 as it no longer uses or provides the XFS font server. This flaw did not affect the versions of PHP in Red Hat Enterprise Linux 3 or 4. Updates were released for Red Hat Enterprise Linux 5 and 6 (RHSA-2012:0546, RHSA-2012:0547), Red Hat Enterprise Linux 5.3 Long Life (RHSA-2012:0568), Red Hat Enterprise Linux 5.6, 6.0, and 6.1 Extended Update Support (RHSA-2012:0568, RHSA-2012:0569), and Red Hat Application Stack v2 (RHSA-2012:0570). This flaw only affected PHP CGI configurations and it did not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts. Note that this issue was not fixed completely the first time, which resulted in the assignment of additional related CVE identifiers - CVE-2012-2311, CVE-2012-2335, and CVE-2012-2336. Refer to the Red Hat CVE Database and the Red Hat Bugzilla for additional information on how those CVEs affect Red Hat products. Not Vulnerable. This issue does not affect the version of Firefox and Thunderbird package as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of Firefox and Thunderbird package as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of Firefox and Thunderbird package as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue only affects apache-commons-compress as shipped with Fedora. It does not affect components shipped with any Red Hat products. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise MRG 2. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5. Red Hat does not consider crash of end user application such as xorg-x11-server caused by local user actions to be a security flaw. This issue does not affect MySQL as shipped with Red Hat Enterprise Linux 4, 5, or 6. For a technical explanation please see https://bugzilla.redhat.com/show_bug.cgi?id=814605#c19 This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, and 5. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0670.html. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0743.html. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not backport the upstream commit 423e0ab0 that introduced this issue. A future kernel update in Red Hat Enterprise MRG may address this issue. Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6, as there were no updates released with an incomplete CVE-2012-2110 fix. Not vulnerable. This issue did not affect the versions of libsoup as shipped with Red Hat Enterprise Linux 5 and 6, as they do not include support for the SOUP_MESSAGE_CERTIFICATE_TRUSTED feature. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux MRG 2 may address this issue. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue. This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 5 as it did not include FreeSec's libcrypt cryptographic algorithms implementation yet. This issue was addressed in php53 package for Red Hat Enterprise Linux 5 via RHSA-2012:1047 and in php package for Red Hat Enterprise Linux 6 via RHSA-2012:1046. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue. Not Vulnerable. This issue does not affect the version of pidgin as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. Red Hat did not release PHP packages updates addressing CVE-2012-1823 that introduce the CVE-2012-2311 issue. Therefore, this CVE does not affect any Red Hat products. Red Hat has rated the CVE-2012-2313 flaw as having low security impact. Future kernel updates for Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise Linux MRG may address this issue. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG, as those versions do not have CONFIG_HFSPLUS_FS option enabled. The Red Hat Security Response Team has rated this issue as having low security impact. A future kernel updates in Red Hat Enterprise Linux 5 may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4, 5, or 6. This flaw only affects PHP 5.4.0 through 5.4.2. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3 and 4. The openssl versions in Red Hat Enterprise Linux 5 and 6 were partially affected, as they support DTLS, but they do not support TLS 1.1 and TLS 1.2. This issue was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0699. This issue affects the version of gdk-pixbuf and gtk2 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of gtk2 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux MRG. Future kernel updates for Red Hat Enterprise Linux 5 and 6 may address this issue. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG. Kernel update RHSA-2012:0743 https://rhn.redhat.com/errata/RHSA-2012-0743.html for Red Hat Enterprise Linux 6 did address this issue. Not vulnerable. This flaw is specific to PHP on Windows. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue. This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 5 as it did not include support for phar extension yet. This issue was addressed in php53 package for Red Hat Enterprise Linux 5 via RHSA-2012:1047 and in php package for Red Hat Enterprise Linux 6 via RHSA-2012:1046. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not include the upstream commit 84afd99b that introduced this issue. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue. This has been addressed in Red Hat Enterprise Linux Red Hat Enterprise MRG 2 via https://rhn.redhat.com/errata/RHSA-2012-1150.html This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.3.0, as it did not include the upstream commit 0e5f6f2d50d460f4c6b0c9f62cfed0ff5c546906 that introduced this flaw. This issue affects the version of cobbler as shipped with Red Hat Network Satellite Server 5.4.0. This issue affects the version of the taglib package as shipped with Red Hat Enterprise Linux 6. The taglib library is used in client applications only though. Red Hat Security Response Team does not consider a user-assisted crash of a client application such as k3b or Totem to be a security issue. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates for Red Hat Network Proxy or Red Hat Network Satellite. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat does not consider a user assisted client crash such as this to be a security flaw. Red Hat does not consider a user assisted client crash such as this to be a security flaw. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in sos packages in Red Hat Enterprise Linux 5. This issue did not affect the version of openldap as shipped with Red Hat Enterprise Linux 5, as it does not use the Mozilla NSS backend. Not vulnerable. This issue did not affect the versions of hypvervkvpd as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for TLS 1.2 or 1.1. This issue affects the version of php as shipped with Red Hat Enterprise Linux 6. This issue affects the version of php53 as shipped with Red Hat Enterprise Linux 5. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0514. A future update may address this flaw in Red Hat Enterprise Linux 5. This issue does affect Red Hat Enterprise Virtualization 2 and 3. Red Hat Enterprise Virtualization 2 is now in Production 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in NetworkManager. This flaw affects various versions of Java as shipped with Red Hat products. A patch is available for Java 7 and Java 8, but not for previous versions of Java shipped with Red Hat products. Although no patch is available for previous versions of Java as shipped with Red Hat products, the impact of this flaw has been addressed in several components that utilize Java HashMap in such a way that may expose a denial of service flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not include support for netfilter's ipv6 connection tracking module. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux MRG as they already contain the upstream commit that fixes this issue. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not include support for KEYCTL_SESSION_TO_PARENT keyctl IOCTL as introduced in upstream commit ee18d64c. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux MRG 2 as they already contain the fix. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affected the version of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 has been addressed via RHSA-2012:1288. This issue does not affect the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6. This issue affects the version of libxslt as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. Not Vulnerable. This issue does not affect the version of mesa as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise MRG, as those versions have a guard page between the end of the user-mode accessible virtual address space and the beginning of the non-canonical area due to CVE-2005-1764 fix. This issue did affect the versions of Xen hypervisor as shipped with Red Hat Enterprise Linux 5. A kernel-xen update for Red Hat Enterprise Linux 5 is available to address this flaw. Not vulnerable. This issue did not affect the version of the oracle-server package as shipped with Red Hat Network Satellite 5.4. We do not consider a user-assisted crash of a client application such as Gimp to be a security issue. This issue does not affect the version of rhythmbox as shipped with Red Hat Enterprise Linux 5. This issue affects the version of rhythmbox as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG. We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php This issue affects the version of dtach as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, since updates fixing CVE-2011-1083 contained a corrected patch that did not introduce this regression. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-1061.html, and Red Hat Enterprise Linux Red Hat Enterprise MRG 2 via https://rhn.redhat.com/errata/RHSA-2012-1150.html The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects the version of automake, automake15, automake16 and automake17 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of automake, automake15 and automake16 as shipped with Red Hat Enterprise Linux 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0526 in automake package. A future update may address this flaw in various affected versions of automake. This issue does affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. The Red Hat Security Response Team has rated this issue as having low security impact. A future kernel updates may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future libtiff package update may address this issue in Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue did not affect the version of glibc as shipped with Red Hat Enterprise Linux 5. This issue did not affect the version of glibc as shipped with Red Hat Enterprise Linux 5. Not Vulnerable. This issue does not affect the version of ecryptfs-utils as shipped with Red Hat Enterprise Linux 5 and 6. Red Hat does not consider this do be a security issue. The affected code is present in Red Hat Enterprise Linux 5 and 6, but due to use of FORTIFY_SOURCE protections the impact would be limited to a crash. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5 and 6. This issue affected the version of dnsmasq as shipped with Red Hat Enterprise Linux 6 and has been addressed via RHSA-2013:0277. This issue affects the version of dnsmasq as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue in Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of kdepim as shipped with Red Hat Enterprise Linux 5 or 6. This issue affects the version of libpng as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. This issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 6. This issue does affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future kernel updates may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG are not affected. The versions of the kernel-xen packages as shipped with Red Hat Enterprise Linux 5 are not affected as they implement a different MMIO emulation mechanism. Not vulnerable. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG are not affected. The versions of the kernel-xen packages as shipped with Red Hat Enterprise Linux 5 are not affected because we did not provide support for memory sharing functionality. This issue affects the version of ImageMagick, as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. The versions of libvirt as shipped with Red Hat Enterprise Linux 5 are not affected. Future libvirt updates for Red Hat Enterprise Linux 6 may address this flaw. Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data which would be treated as SQL prepared statements. Not vulnerable. This issue did not affect the versions of gnome-screensaver as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the upstream commit 43ee32edaddb9b9b9f4b43c47ca73d7b4eea9fae that introduced this issue. Not vulnerable. This issue did not affect the versions of python-beaker as shipped with Red Hat Enterprise Linux 6 as it did not include support for using python-crypto. Not Vulnerable. This issue does not affect the version of gnome-keyring as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of emacs as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the versions of condor as shipped with Red Hat Enterprise MRG as it does not include the vulnerable code (VMware support is not compiled in). Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 because we did not support TMEM (Transcendent Memory). This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4, 5, and 6, JBoss Enterprise Web Server 1, and JBoss Enterprise Application Server 6. This issue did not affect the version of crypto-utils as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The versions of the gdb package, as shipped with Red Hat Enterprise Linux 5 and 6 are vulnerable to the original libiberty integer overflow flaw. But due the way of subsequent processing of the previously insufficiently pre-allocated libiberty buffer within gdb code, the impact of this issue is limited to crash only. Red Hat Security Response Team does not consider crash of end-user application, such as gdb, to be a security flaw. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they already contain upstream commit f0ec1aaf54cadd that fixed this issue. Future kernel updates in Red Hat Enterprise Linux 5 may address this flaw. This issue does affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates may address this flaw. This issue did affect the versions of xen package as shipped with Red Hat Enterprise Linux 5. This issue did affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5. This issue did affect the versions of qemu-kvm package as shipped with Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the commit that introduced this issue. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. Not vulnerable. This issue did not affect the versions of inn as shipped with Red Hat Enterprise Linux 5 as they did not include support for the STARTTLS command. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This flaw affects Apache Tomcat 5.5.x, 6.0.0 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web. Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw will be provided at a later date. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue did affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue did affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterpise MRG 2. Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of bind or bind97 as shipped with Red Hat Enterprise Linux 4, 5, and 6. Not Vulnerable. This issue does not affect the version of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of Firefox and Thunderbird package, as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of Firefox and Thunderbird package, as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of Firefox and Thunderbird package, as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the version of Firefox and Thunderbird packages as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue did not affect the versions of squashfs-tools as shipped with Red Hat Enterprise Linux 5 as they did not include support for parallel processing and do not make use of queues. Not Vulnerable. This issue does not affect the version of wireshark shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not affected. This flaw does not affect the jclouds Eucalyptus API as shipped with JBoss Fuse 6.0.0 and Fuse ESB Enterprise 7.1.0. Not Vulnerable. This issue does not affect the version of freetype as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 as they did not provide support for the Diagnostics (DIAG) kernel mode driver for Android. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 as they did not provide support for the Diagnostics (DIAG) kernel mode driver for Android. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 as they did not provide support for the Graphics KGSL kernel mode driver for Android. Red Hat Security Response Team does not consider a user assisted denial of service (and potential crash) of end user application, such as tools from LibreOffice productivity suite, to be a security issue. Red Hat does not consider this to be a security flaw. The GIMP scriptfu server works as intended and should not be enabled in production environments as it was not designed to have any kind of security protection. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 5 via RHSA-2013:0125. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 6. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 or 6. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 5 via RHSA-2013:0125. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 6. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 5 via RHSA-2013:0125. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 6. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 5 via RHSA-2013:0125. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 6. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 or 6. Not Vulnerable. This issue only affects struts 2, it does not affect the versions of struts as shipped with various Red Hat products. Not Vulnerable. This issue only affects struts 2, it does not affect the versions of struts as shipped with various Red Hat products. Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5 and 6, and the version of php53 as shipped with Red Hat Enterprise Linux 5 as they did not include the upstream commit 322263 that introduced this issue. This issue does affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enteprise MRG. Future kernel updates may address this flaw. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not Vulnerable. This issue does not affect the version of axis as shipped with JBoss Developer Studio 5 and 6, JBoss Enterprise Portal Platform 5.2.2 and 6.0.0, Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise Virtualization Manager 3.1. The versions of libvirt as shipped with Red Hat Enterprise Linux 5 are not affected. This issue did affect the versions of the libvirt package as shipped with Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of openslp as shipped with Red Hat Enterprise Linux 6. This issue affects the version of bacula as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of tomcat5 as shipped with Red Hat Enterprise Linux 5 and tomcat6 as shipped with Red Hat Enterprise Linux 6 as they did not include the CSRF prevention filter. Not Vulnerable. This issue does not affect the version of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of dracut as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the openCryptoki packages as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of qpid-cpp as shipped with Red Hat Enterprise MRG as asserts are not enabled. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6 as they did not provide version 1.9.x, which is the vulnerable version of ruby. Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the version of libproxy as shipped with Red Hat Enterprise Linux 6. Not a security flaw. Red Hat Security Response Team does not consider a user-assisted end user application crash (such a konqueror) to be a security issue. Not vulnerable. This issue did not affect the versions of kdelibs as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of librdmacm as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue did not affect JBoss Enterprise Application Platform versions 4.x and 5.x. This issue did not affect the version of httpd as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue does not affect the versions of GWT shipped with any Red Hat products. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. This flaw allowed an attacker to circumvent all restrictions applied by the Java security manager. The Java security manager is used to sandbox Java applets in web browsers, but is also used in a variety of other applications. Red Hat has tested the flaw and confirmed that it affected Java SE 7 provided by OpenJDK 7 (java-1.7.0-openjdk), Oracle Java SE 7 (java-1.7.0-oracle) and IBM Java SE 7 (java-1.7.0-ibm) as shipped with Red Hat Enterprise Linux 6. Updates correcting this issue were released for all affected packages. Not vulnerable. This issue did not affect the versions of Firefox as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include SPDY protocol support. Not vulnerable. Upstream notes this issue only affected MySQL 5.5.x. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected. This issue affects the version of icu as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not Vulnerable. This issue does not affect the version of mesa as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response team does not consider this bug to be security relevant. However, it has been corrected in MRG Grid 2.2 (via RHSA-2012:1278 and RHSA-2012:1281) as a proactive/hardening measure. Not vulnerable. This issue did not affect the versions of condor as shipped with Red Hat Enterprise MRG as it does not include the vulnerable code (VMware support is not compiled in). Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of axis as shipped with JBoss Developer Studio 5 and 6, JBoss Enterprise Portal Platform 5.2.2 and 6.0.0, Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise Virtualization Manager 3.1. Not vulnerable. The JOSSO server component which exposes this flaw is not shipped in any Red Hat product. The JOSSO agent shipped with JBoss Enterprise Portal Platform does not expose this flaw. Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of condor as shipped with Red Hat Enterprise MRG 1 or 2 as they do not provide a vulnerable version of condor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue does affect Red Hat Enterprise Virtualization 2 and 3. Red Hat Enterprise Virtualization 2 is now in Production 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/. This issue did affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG. Not vulnerable. This issue did not affect the versions of vdsm22 package as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of vdsm package as shipped with Red Hat Enterprise Linux 6. This issue did not affect the hypervisor disk images as shipped with Red Hat Enterprise Virtualization Hypervisor 5 and 6. This issue affects the version of cups as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue affects the version of quagga as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the versions of gnome-utils as shipped with Red Hat Enterprise Linux 5 and 6 as they used usermode to request privileges, not pkexec. This issue does not affect the version of openssh as shipped with Red Hat Enterprise Linux 5. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0519. This issue affects tomcat and jbossweb as shipped in various Red Hat products. This issue can be mitigated using appropriate firewall configuration, as noted here: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6750 . This issue can also be partially mitigated by configuring an appropriate timeout using the connectionTimeout property for the relevant Connector(s) defined in server.xml, but testing shows that some variants of the attack may still be effective with this configuration. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of mysql as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of mysql as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat does not consider this to be a security flaw as a user executing these commands will only succeed in preventing service to the current connection, and not to the server as a whole. This issue does not affect the version of ekiga as shipped with Red Hat Enterprise Linux 5. This issue affects the version of ekiga as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of qt and qt4 as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of qt3 and qt as shipped with Red Hat Enterprise Linux 6. This issue affects the version of mysql as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of libuser as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of ipa-client and ipa as shipped with Red Hat Enterprise Linux 5 or 6. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue affects the version of squid shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0505. A future update may address this flaw in Red Hat Enterprise Linux 5. This issue affects the version of libuser as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of inkscape as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of x3270 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for SSL certificate verification. This issue did not affect the version of grep as shipped with Red Hat Enterprise Linux 5. This issue affects the version of grep as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect the version of freetype as shipped with Red Hat Enterprise Linux 5. This issue affects the version of freetype as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. (None) Not Vulnerable. This issue did not affect the version of freetype as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of exim as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4 and 5, nor the versions of bind97 as shipped with Red Hat Enterprise Linux 5, as they did not include support for DNS64. This issue did not affect the versions of bind or bind97 packages as shipped with Red Hat Enterprise Linux 4 and 5. Not vulnerable. This issue only affects axis2 as shipped with Fedora. It does not affect components shipped with any Red Hat products. Not vulnerable. Apache CXF is shipped with several Red Hat products, but the wsdl_first_https sample is not included. Without this sample code, the flaw is not exposed. Not vulnerable. This issue did not affect the versions of lynx as shipped with Red Hat Enterprise Linux 5 and 6 as they were not build against GnuTLS. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not vulnerable. This issue did not affect GUPnP, which is an independent implementation of the UPnP standard, entirely different from libupnp. libupnp, while affected, is not provided by any version of Red Hat Enterprise Linux. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 because we did not support TMEM (Transcendent Memory). This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 because we did not support TMEM (Transcendent Memory). This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 because we did not support TMEM (Transcendent Memory). This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 because we did not support TMEM (Transcendent Memory). This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 because we did not support TMEM (Transcendent Memory). This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 because we did not support TMEM (Transcendent Memory). This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 because we did not support TMEM (Transcendent Memory). This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not Vulnerable. This issue does not affect the versions of xulrunner, firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of inkscape as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of gnupg2 as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of rpm as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the upstream commit e8bc3ff5d780f4ee6656c24464402723e5fb04f4 that introduced this issue. Not vulnerable. This issue did not affect the versions of Qt as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux 5 and 6 as they did not use the systemd capability for CUPS socket activation yet. Not vulnerable. This issue did not affect the versions of cronie as shipped with Red Hat Enterprise Linux 6. Not Vulnerable. This issue does not affect the version of hplip and hplip3 as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of hplip as shipped with Red Hat Enterprise Linux 6. Not Vulnerable. This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of php53 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of libxslt as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise MRG 2. This issue did affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 . This issue has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2013-0744.html. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise MRG 2. This issue affects the version of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 may address this issue. This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise MRG 2. This issue did affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise MRG 2. This issue did affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. For details of affected products and workarounds see https://access.redhat.com/knowledge/node/290903 This issue affects the version of util-linux shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0517. A future update may address this flaw in Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of libvirt as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of samba4 as shipped with Red Hat Enterprise Linux 6 as they did not include support for the Domain Controller components. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not Vulnerable. This issue does not affect the version of squid as shipped with Red Hat Enterprise Linux 5 and 6. This issue did affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 6. This issue did not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of ipa as shipped with Red Hat Enterprise Linux 6 as they did not include support for Cross-Realm Kerberos trusts with Active Directory. This issue does not affect the version of hplip and hplip3 as shipped with Red Hat Enterprise Linux 5. This issue has been addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0500. This issue affects the version of libarchive as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of samba as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of samba3x as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue affects the version of samba as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of samba3x as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue did not affect the versions of the xen package as shipped with Red Hat Enterprise Linux 5. This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. This issue affects the version of sssd shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0508. A future update may address this flaw in Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue did affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 6. This issue did not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. This issue affects the version of glibc as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of curl as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the version of corosync as shipped with Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of boost as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the version of postgresql, as shipped with Red Hat Enterprise Linux 5. This issue affects the version of postgresql84, as shipped with Red Hat Enterprise Linux 5 and the version of postgresql, as shipped with Red Hat Enterprise Linux 6. Red Hat Security Response Team has rated this issue as having moderate security impact. A future update might address this flaw. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not vulnerable. This issue did not affect the versions of cumin as shipped with Red Hat Enterprise MRG 1 or 2. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of pidgin, as shipped with Red Hat Enterprise Linux 5 and 6. Vulnerable. This issue affects version of pacemaker as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update might address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Vulnerable. This issue affects the version of nss-pam-ldapd as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect Red Hat Enterprise Virtualization Hypervisor 5 and 6. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, and 6, and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of IPA or 389-ds as shipped with Red Hat Enterprise Linux 5 or 6. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Not vulnerable. Upstream notes this issue only affected MySQL 5.5.x. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected. Not vulnerable. Upstream notes this issue only affected MySQL 5.5.x. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected. Not vulnerable. Upstream notes this issue only affected MySQL 5.5.x. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected. Not vulnerable. Upstream notes this issue only affected MySQL 5.5.x. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected. Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 5 as they did not provide support for SMB2. This issue did not affect the versions of samba3x and samba as shipped with Red Hat Enterprise Linux 6 as they ship newer versions that do not include the vulnerable code. Not Vulnerable. This issue does not affect the version of acroread as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of acroread as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of Adobe Acroread as shipped with Red Hat Enterprise Linux 5 and 6. Updates will be released as soon as they are made generally available by Adobe. Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue affects the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. Upstream does not include moderate impact fixes in the Extended Support Releases. This issue will be addressed in the next ESR rebase. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue did affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future updates may address this issue. Please note that while a public non-weaponized exploit exists, according to our testing the issue is very hard to hit. This issue affects the version of icu as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. Not vulnerable. This issue did not affect the versions of gnome-screensaver as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 as they did not include support for PKINIT. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6, since MySQL packages in Red Hat Enterprise Linux are linked against OpenSSL, and not against yaSSL. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue affects the GlassFish REST component. This component is not shipped with any Red Hat products. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue affects the GlassFish Administration component. This component is not shipped with any Red Hat products. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This issue did not affect the versions of pixman as shipped with Red Hat Enterprise Linux 5 as it did not contain the vulnerable code. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 or 6. The packages use OpenSSL and not yaSSL. We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php This issue affects the version of php as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of php53 as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 This issue did not affect the version of the stunnel package as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of the libvirt package as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. This issue did not affect the versions of kernel package as shipped with Red Hat Enterprise Linux 5 and 6. Future kernel updates for Red Hat Enterprise MRG 2 may address this flaw. This issue does not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. This issue affects the version of sudo as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of sudo as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of poppler as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue does not affect the version of poppler as shipped with Red Hat Enterprise Linux 5. This issue affects the version of poppler as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue affects the version of poppler as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise MRG 2. This issue did affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise MRG as those versions are missing upstream commit 196d6759 that introduced this issue. This issue did not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 because it did not backport the commit 4cf46b67eb that introduced this issue. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2. This issue did not affect the versions of the Linux kernel as shipped with Fedora 17 and 18 as they were not built with CONFIG_USER_NS configuration option. This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue. This issue affects the version of mysql as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not Vulnerable. This issue does not affect the version of samba4 as shipped with Red Hat Enterprise Linux 6. This issue affects the version of pwlib as shipped with Red Hat Enterprise Linux 5. This issue affects the version of ptlib as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. These issues do not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5. These issues do affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue. Not Vulnerable. This issue does not affect the version of subversion as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Not Vulnerable. This issue does not affect the version of postgresql as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of postgresql84 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of postgresql as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of postgresql84, as shipped with Red Hat Enterprise Linux 5. Red Hat Security Response Team has rated this issue as having low security impact. A future update might address this flaw. Not Vulnerable. This issue does not affect the version of postgresql as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of postgresql84 as shipped with Red Hat Enterprise Linux 5. Not vulnerable. This issue did not affect the versions of yum as shipped with Red Hat Enterprise Linux 5 and 6, as yum in those products did not (try to) use filelists metadata yet. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 as we did not have support for sysenter for 64bit PV guests running on the Xen hypervisor (introduced in upstream changeset 16207:aeebd173c3fa). This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. The risks associated with fixing this bug are greater than its security impact. This issue is not currently planned to be addressed in future kernel-xen updates for Red Hat Enterprise Linux 5. Using fully virtualized (HVM) guests, or PV guests with trusted kernel/administrator avoids this issue. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 as it has no support for stub domains. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue does not affect versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect versions of qemu-kvm packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. The Red Hat Security Response Team has rated this issue as having low security impact because physical access is needed to exploit this issue. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue did not affect the version of xorg-x11-server as shipped with Red Hat Enterprise Linux 5. This issue affects the version of xorg-x11-server as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the version of libtiff as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue affects the version of libtiff as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. This issue does not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the version of openstack-keystone as shipped with Red Hat OpenStack Folsom. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. Future kernel-rt updates in Red Hat Enterprise MRG 2 may address this flaw. This issue does not affect the kvm package as shipped with Red Hat Enterprise Linux 5. This issue does not affect the xen package as shipped with Red Hat Enterprise Linux 5. This issue does affect the qemu-kvm package as shipped with Red Hat Enterprise Linux 6. Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw. Please note that due to differences in upstream and Red Hat Enterprise Linux 6 versions of qemu guest agent this issue has lower security impact on systems running Red Hat Enterprise Linux 6. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. Not vulnerable. This issue does not affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5 and qemu-kvm package as shipped with Red Hat Enterprise Linux 6. This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 may address this flaw. This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of the kernel package as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x >= 5.5.29, 6.0.x >= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw. This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected. Not vulnerable. This issue does not affect the versions of the xen package as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue does not affect the kernel packages as shipped with Red Hat Enterprise Linux 5 because we did not backport upstream commit b0a873eb that introduced this issue. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0830 (https://rhn.redhat.com/errata/RHSA-2013-0830.html), and in Red Hat Enterprise Linux 6.3 Extended Update Support via RHSA-2013:0832 (https://rhn.redhat.com/errata/RHSA-2013-0832.html). We are working on updated packages to correct this issue in Red Hat Enterprise Linux 6.1, and 6.2 Extended Update Support, and Red Hat Enterprise MRG 2, and will release them once they have been completed and tested. Red Hat Enterprise Linux 6.0 was not affected by this flaw. Refer to https://access.redhat.com/site/solutions/373743 for further information. Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as the SSL module there did not implement the match_hostname() routine yet. This issue did not affect the versions of bind package as shipped with Red Hat Enterprise Linux 3, 4, and 5. This issue was corrected in bind97 packages in Red Hat Enterprise Linux 5 and bind packages in Red Hat Enterprise Linux 6. Not affected. This flaw does not affect the jclouds Eucalyptus API as shipped with JBoss Fuse 6.0.0 and Fuse ESB Enterprise 7.1.0. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. Not Vulnerable. This issue does not affect the version of dhcp as shipped with Red Hat Enterprise Linux 5 and 6. Vulnerable. This issue affects the version of privoxy as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this flaw. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. These issues do not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. These issues do affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. Not Vulnerable. This issue does not affect the version of acroread as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of flash-plugin as shipped with Red Hat Enterprise Linux 5 and 6. Updates will be released as soon as they are made generally available by Adobe. This issue affects the version of ibtuils as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue does affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue. This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue does affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue. Not vulnerable. This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Fuse ESB Enterprise 7.1.0, Fuse MQ Enterprise 7.1.1, JBoss Fuse 6.0.0 and JBoss A-MQ 6.0.0 all contain the Apache ActiveMQ web console, but it is not deployed by default. The documentation for deploying the web console covers the configuration needed to ensure authentication is enabled, therefore these products are not affected by this flaw. In a future update to these products, the web console will be configured so that authentication is automatically enabled if the web console is deployed, eliminating the need to manually configure it. A future update may address this flaw in Fuse Message Broker 5.5.1. This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of the kernel package as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 5 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. https://access.redhat.com/kb/docs/DOC-30741 https://bugs.php.net/bug.php?id=60227 https://bugs.php.net/patch-display.php?bug_id=60227&patch=SAPI.diff&revision=latest http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-007.txt http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-28.html http://www.adobe.com/support/security/bulletins/apsb11-28.html http://www.php.net/security/crypt_blowfish.php https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/ http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commitdiff;h=ed51cfa24ca27746ab09b59280b94117dd58cba3 http://git.kernel.org/linus/17dd759c67f21e34f2156abcf415e1f60605a188 http://www.mozilla.org/security/announce/2011/mfsa2011-43.html http://www.mozilla.org/security/announce/2012/mfsa2012-11.html http://www.rsyslog.com/potential-dos-with-malformed-tag/ http://www.openssl.org/news/secadv_20110906.txt http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21 http://www.contextis.com/research/blog/reverseproxybypass/ http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.mozilla.org/security/announce/2011/mfsa2011-46.html http://www.mozilla.org/security/announce/2011/mfsa2011-47.html http://www.mozilla.org/security/announce/2011/mfsa2011-49.html http://www.mozilla.org/security/announce/2012/mfsa2012-04.html http://www.mozilla.org/security/announce/2012/mfsa2012-02.html http://puppetlabs.com/security/cve/cve-2011-3848/ http://puppetlabs.com/security/cve/cve-2011-3869/ http://puppetlabs.com/security/cve/cve-2011-3870/ http://puppetlabs.com/security/cve/cve-2011-3871/ http://www.puppetlabs.com/security/cve/cve-2011-3872/ http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html http://openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt http://www.wireshark.org/security/wnpa-sec-2011-17.html http://www.wireshark.org/security/wnpa-sec-2011-18.html http://www.wireshark.org/security/wnpa-sec-2011-19.html https://www.isc.org/software/bind/advisories/cve-2011-4313 https://deepthought.isc.org/article/AA-00549 https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue http://java.net/jira/browse/JAVASERVERFACES-2247 http://www.jakobk.com/2011/11/jsf-value-expression-injection-vulnerability/ http://www.adobe.com/support/security/bulletins/apsb12-08.html http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0001.html https://code.google.com/p/memcached/issues/detail?id=192 http://insecurety.net/?p=872 http://vsecurity.com/resources/advisory/20120324-1/ http://www.openoffice.org/security/cves/CVE-2012-0037.html http://www.libreoffice.org/advisories/CVE-2012-0037/ http://www.mozilla.org/security/announce/2012/mfsa2012-01.html http://www.mozilla.org/security/announce/2012/mfsa2012-07.html http://www.mozilla.org/security/announce/2012/mfsa2012-08.html http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.adobe.com/support/security/bulletins/apsb13-02.html http://www.adobe.com/support/security/bulletins/apsb12-03.html http://www.adobe.com/support/security/bulletins/apsb12-03.html http://www.adobe.com/support/security/bulletins/apsb12-05.html http://www.adobe.com/support/security/bulletins/apsb12-05.html http://www.adobe.com/support/security/bulletins/apsb12-07.html http://www.adobe.com/support/security/bulletins/apsb12-08.html http://www.adobe.com/support/security/bulletins/apsb12-09.html http://www.sudo.ws/sudo/alerts/sudo_debug.html http://www.samba.org/samba/security/CVE-2012-0870 http://www.openssl.org/news/secadv_20120312.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt http://krbdev.mit.edu/rt/Ticket/Display.html?id=7527 http://web.mit.edu/kerberos/www/krb5-1.10/ https://www.isc.org/software/bind/advisories/cve-2012-1033 http://puppetlabs.com/security/cve/cve-2012-1053/ http://puppetlabs.com/security/cve/cve-2012-1054/ http://www.samba.org/samba/history/samba-3.6.4.html http://www.adobe.com/support/security/bulletins/apsb12-16.html http://www.adobe.com/support/security/bulletins/apsb13-02.html http://www.adobe.com/support/security/bulletins/apsb13-02.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.adobe.com/support/security/bulletins/apsb12-18.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.isc.org/software/bind/advisories/cve-2012-1667 http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php http://www.mozilla.org/security/announce/2012/mfsa2012-59.html http://puppetlabs.com/security/cve/cve-2012-1986/ http://puppetlabs.com/security/cve/cve-2012-1987/ http://puppetlabs.com/security/cve/cve-2012-1988/ http://puppetlabs.com/security/cve/cve-2012-1989/ http://www.adobe.com/support/security/bulletins/apsb12-14.html http://www.adobe.com/support/security/bulletins/apsb12-14.html http://www.openssl.org/news/secadv_20120419.txt http://www.php.net/archive/2012.php#id2012-05-08-1 http://openssl.org/news/secadv_20120510.txt http://cxf.apache.org/cve-2012-2378.html http://cxf.apache.org/cve-2012-2379.html http://www.libreoffice.org/advisories/CVE-2012-2665/ http://www.openssl.org/news/secadv_20130205.txt http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://puppetlabs.com/security/cve/cve-2012-3408/ https://kb.isc.org/article/AA-00729 http://puppetlabs.com/security/cve/cve-2012-3864/ http://puppetlabs.com/security/cve/cve-2012-3865/ http://puppetlabs.com/security/cve/cve-2012-3866/ http://puppetlabs.com/security/cve/cve-2012-3867/ https://kb.isc.org/article/AA-00730 http://www.mozilla.org/security/announce/2012/mfsa2012-74.html http://www.mozilla.org/security/announce/2012/mfsa2012-75.html http://www.mozilla.org/security/announce/2012/mfsa2012-77.html http://www.mozilla.org/security/announce/2012/mfsa2012-79.html http://www.mozilla.org/security/announce/2012/mfsa2012-87.html http://www.mozilla.org/security/announce/2012/mfsa2012-81.html http://www.mozilla.org/security/announce/2012/mfsa2012-84.html http://www.mozilla.org/security/announce/2012/mfsa2012-83.html http://www.mozilla.org/security/announce/2012/mfsa2012-82.html http://www.mozilla.org/security/announce/2012/mfsa2012-85.html http://www.adobe.com/support/security/bulletins/apsb12-19.html http://www.adobe.com/support/security/bulletins/apsb12-19.html http://www.mozilla.org/security/announce/2012/mfsa2012-86.html http://www.mozilla.org/security/announce/2012/mfsa2012-88.html http://www.mozilla.org/security/announce/2012/mfsa2012-89.html http://www.mozilla.org/security/announce/2012/mfsa2012-89.html http://www.mozilla.org/security/announce/2012/mfsa2012-90.html http://www.mozilla.org/security/announce/2012/mfsa2012-93.html http://www.mozilla.org/security/announce/2012/mfsa2012-92.html http://www.mozilla.org/security/announce/2012/mfsa2012-95.html http://www.mozilla.org/security/announce/2012/mfsa2012-96.html http://www.mozilla.org/security/announce/2012/mfsa2012-97.html http://www.mozilla.org/security/announce/2012/mfsa2012-101.html http://www.mozilla.org/security/announce/2012/mfsa2012-99.html http://www.mozilla.org/security/announce/2012/mfsa2012-103.html http://www.mozilla.org/security/announce/2012/mfsa2012-104.html http://www.mozilla.org/security/announce/2012/mfsa2012-105.html http://www.mozilla.org/security/announce/2012/mfsa2012-105.html http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.32 https://issues.apache.org/jira/browse/QPID-4631 https://issues.apache.org/jira/browse/QPID-4629 https://issues.apache.org/jira/browse/QPID-4629 https://issues.apache.org/jira/browse/QPID-4629 https://access.redhat.com/knowledge/solutions/295843 http://www.freeipa.org/page/CVE-2012-4546 https://developers.google.com/web-toolkit/release-notes#Release_Notes_Current http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://xforce.iss.net/xforce/xfdb/78764 http://xforce.iss.net/xforce/xfdb/78765 http://xforce.iss.net/xforce/xfdb/78766 http://xforce.iss.net/xforce/xfdb/78767 http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://googlechromereleases.blogspot.com/2012/11/stable-update-for-chrome-os_30.html https://code.google.com/p/chromium/issues/detail?id=145525 https://kb.isc.org/article/AA-00801 http://www.adobe.com/support/security/bulletins/apsb12-24.html http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html http://www.freeipa.org/page/CVE-2012-5484 https://bugs.launchpad.net/keystone/+bug/1064914 http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/ http://cxf.apache.org/cve-2012-5575.html https://mariadb.atlassian.net/browse/MDEV-3908 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://lists.openstack.org/pipermail/openstack-announce/2012-December/000059.html http://framework.zend.com/security/advisory/ZF2012-05 http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html http://seclists.org/oss-sec/2012/q4/511 http://seclists.org/oss-sec/2012/q4/511 http://seclists.org/oss-sec/2012/q4/511 http://www.adobe.com/support/security/bulletins/apsb12-27.html https://kb.isc.org/article/AA-00828 https://kb.isc.org/article/AA-00855 http://www.mozilla.org/security/announce/2012/mfsa2012-106.html http://www.mozilla.org/security/announce/2012/mfsa2012-94.html http://www.mozilla.org/security/announce/2012/mfsa2012-102.html http://www.mozilla.org/security/announce/2012/mfsa2012-106.html http://www.mozilla.org/security/announce/2012/mfsa2012-100.html http://www.mozilla.org/security/announce/2012/mfsa2012-91.html http://www.mozilla.org/security/announce/2012/mfsa2012-91.html https://developers.google.com/web-toolkit/release-notes#Release_Notes_Current http://www.kb.cert.org/vuls/id/922681 https://bugs.launchpad.net/hplip/+bug/1016507/comments/1 http://www.openssl.org/news/secadv_20130205.txt http://www.isg.rhul.ac.uk/tls/ http://www.openssl.org/news/secadv_20130205.txt https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released http://www.freeipa.org/page/CVE-2013-0199 http://www.samba.org/samba/security/CVE-2013-0213 http://www.samba.org/samba/security/CVE-2013-0214 http://curl.haxx.se/docs/adv_20130206.html https://maven.apache.org/security.html http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/ http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/ http://www.pidgin.im/news/security/?id=65 http://www.pidgin.im/news/security/?id=66 http://www.pidgin.im/news/security/?id=67 http://www.pidgin.im/news/security/?id=68 http://lists.openstack.org/pipermail/openstack-announce/2013-February/000079.html https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html https://www.samba.org/samba/security/CVE-2013-0454 http://www.adobe.com/support/security/bulletins/apsb13-08.html http://www.adobe.com/support/security/bulletins/apsb13-02.html http://www.adobe.com/support/security/bulletins/apsb13-02.html http://www.adobe.com/support/security/bulletins/apsb13-01.html http://www.adobe.com/support/security/bulletins/apsb13-04.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.adobe.com/support/security/bulletins/apsb13-07.html http://www.adobe.com/support/security/bulletins/apsb13-08.html http://www.adobe.com/support/security/bulletins/apsb13-09.html https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/ http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html http://www.mozilla.org/security/announce/2013/mfsa2013-20.html http://www.mozilla.org/security/announce/2013/mfsa2013-05.html http://www.mozilla.org/security/announce/2013/mfsa2013-08.html http://www.mozilla.org/security/announce/2013/mfsa2013-09.html http://www.mozilla.org/security/announce/2013/mfsa2013-10.html http://www.mozilla.org/security/announce/2013/mfsa2013-11.html http://www.mozilla.org/security/announce/2013/mfsa2013-01.html http://www.mozilla.org/security/announce/2013/mfsa2013-12.html http://www.mozilla.org/security/announce/2013/mfsa2013-13.html http://www.mozilla.org/security/announce/2013/mfsa2013-16.html http://www.mozilla.org/security/announce/2013/mfsa2013-17.html http://www.mozilla.org/security/announce/2013/mfsa2013-18.html http://www.mozilla.org/security/announce/2013/mfsa2013-19.html http://www.mozilla.org/security/announce/2013/mfsa2013-14.html http://www.mozilla.org/security/announce/2013/mfsa2013-15.html http://www.mozilla.org/security/announce/2013/mfsa2013-04.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.mozilla.org/security/announce/2013/mfsa2013-07.html http://www.mozilla.org/security/announce/2013/mfsa2013-23.html http://www.mozilla.org/security/announce/2013/mfsa2013-03.html http://www.mozilla.org/security/announce/2013/mfsa2013-01.html http://www.mozilla.org/security/announce/2013/mfsa2013-22.html http://www.mozilla.org/security/announce/2013/mfsa2013-24.html http://www.mozilla.org/security/announce/2013/mfsa2013-25.html http://www.mozilla.org/security/announce/2013/mfsa2013-26.html http://www.mozilla.org/security/announce/2013/mfsa2013-27.html http://www.mozilla.org/security/announce/2013/mfsa2013-28.html http://www.mozilla.org/security/announce/2013/mfsa2013-28.html http://www.mozilla.org/security/announce/2013/mfsa2013-21.html http://www.mozilla.org/security/announce/2013/mfsa2013-21.html http://www.bugzilla.org/security/3.6.12/ http://www.mozilla.org/security/announce/2013/mfsa2013-29.html http://www.mozilla.org/security/announce/2013/mfsa2013-30.html http://www.mozilla.org/security/announce/2013/mfsa2013-30.html http://www.mozilla.org/security/announce/2013/mfsa2013-40.html http://www.mozilla.org/security/announce/2013/mfsa2013-39.html http://www.mozilla.org/security/announce/2013/mfsa2013-38.html http://www.mozilla.org/security/announce/2013/mfsa2013-36.html http://www.mozilla.org/security/announce/2013/mfsa2013-35.html http://www.mozilla.org/security/announce/2013/mfsa2013-31.html http://www.mozilla.org/security/announce/2013/mfsa2013-41.html http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html http://www.adobe.com/support/security/bulletins/apsb13-11.html http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570 http://web.mit.edu/kerberos/krb5-1.11/ http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.isg.rhul.ac.uk/tls/ http://www.gnutls.org/security.html#GNUTLS-SA-2013-1 http://www.isg.rhul.ac.uk/tls/ http://www.isg.rhul.ac.uk/tls/ http://www.isg.rhul.ac.uk/tls/TLStiming.pdf http://www.isg.rhul.ac.uk/tls/ http://www.isg.rhul.ac.uk/tls/TLStiming.pdf http://www.mozilla.org/security/announce/2013/mfsa2013-41.html http://www.mozilla.org/security/announce/2013/mfsa2013-42.html http://www.mozilla.org/security/announce/2013/mfsa2013-43.html http://www.mozilla.org/security/announce/2013/mfsa2013-46.html http://www.mozilla.org/security/announce/2013/mfsa2013-47.html http://www.mozilla.org/security/announce/2013/mfsa2013-48.html https://www.stunnel.org/CVE-2013-1762.html https://bugs.freedesktop.org/show_bug.cgi?id=61433 http://lists.freedesktop.org/archives/telepathy-bugs/2013-February/021155.html http://xmpp.org/extensions/xep-0115.html http://www.sudo.ws/sudo/alerts/epoch_ticket.html http://www.sudo.ws/sudo/alerts/tty_tickets.html http://bit.ly/UN1A3z https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6 https://rubygems.org/gems/crack/ https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02 http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ http://subversion.apache.org/security/CVE-2013-1845-advisory.txt http://subversion.apache.org/security/CVE-2013-1846-advisory.txt http://subversion.apache.org/security/CVE-2013-1847-advisory.txt http://subversion.apache.org/security/CVE-2013-1849-advisory.txt http://www.phpmyadmin.net/home_page/security/PMASA-2013-1.php https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02 https://issues.jenkins-ci.org/browse/SECURITY-67 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02 https://issues.jenkins-ci.org/browse/SECURITY-63 https://issues.jenkins-ci.org/browse/SECURITY-69 http://code.google.com/p/httplib2/issues/detail?id=282 https://bugs.launchpad.net/httplib2/+bug/1175272 https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/ https://kb.isc.org/article/AA-00871 https://kb.isc.org/article/AA-00879 https://puppetlabs.com/security/cve/cve-2013-2275/ http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://downloads.asterisk.org/pub/security/AST-2013-001.html http://www.adobe.com/support/security/bulletins/apsb13-15.html http://www.adobe.com/support/security/bulletins/apsb13-14.html http://www.adobe.com/support/security/bulletins/apsb13-15.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3060 http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.